Relationship Based Trust Verification Schema
A computationally-implemented method, in accordance with certain example embodiments, may include, but is not limited to: receiving at a computer device one or more behavioral fingerprints associated with one or more network accessible users; receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users. In addition to the foregoing, other aspects are presented in the claims, drawings, and written description forming a part of the present disclosure.
The present application is related to and claims the benefit of the earliest available effective filing date(s) from the following listed application(s) (the “Related Applications”) (e.g., claims earliest available priority dates for other than provisional patent applications or claims benefits under 35 USC §119(e) for provisional patent applications, for any and all parent, grandparent, great-grandparent, etc. applications of the Related Application(s)). All subject matter of the Related Applications and of any and all parent, grandparent, great-grandparent, etc. applications of the Related Applications is incorporated herein by reference to the extent such subject matter is not inconsistent herewith.
RELATED APPLICATIONS
For purposes of the USPTO extra-statutory requirements:
- (1) the present application claims benefit of priority of U.S. Provisional Patent Application No. 61/632,836 (Atty. Docket No. SE1-0540-US), entitled “Behavioral Fingerprint Based Authentication”, naming Marc E. Davis, Matthew G. Dyor, Daniel A. Gerrity, Xuedong (XD) Huang, Roderick A. Hyde, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud, Nathan Myhrvold, and Clarence T. Tegreene, as inventors, filed Sep. 24, 2011, which was filed within the twelve months preceding the filing date of the present application, or is an application of which a currently co-pending application is entitled to the benefit of the filing date;
- (2) the present application claims benefit of priority of U.S. Provisional Patent Application No. 61/572,309 (Atty. Docket No. SE1-0541-US), entitled “Network Acquired Behavioral Fingerprint for Authentication”, naming Marc E. Davis, Matthew G. Dyor, Daniel A. Gerrity, Xuedong (XD) Huang, Roderick A. Hyde, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud, Nathan Myhrvold, and Clarence T. Tegreene, as inventors, filed Oct. 13, 2011, which was filed within the twelve months preceding the filing date of the present application, or is an application of which a currently co-pending application is entitled to the benefit of the filing date;
- (3) the present application constitutes a continuation-in-part of U.S. patent application Ser. No. 13/373,685 (Atty. Docket No. SE1-0542-US), entitled “Behavioral Fingerprint Device Identification”, naming Marc E. Davis, Matthew G. Dyor, Daniel A. Gerrity, Xuedong (XD) Huang, Roderick A. Hyde, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud, Nathan Myhrvold, and Clarence T. Tegreene, as inventors, filed on Nov. 23, 2011, which is currently co-pending, or is an application of which a currently co-pending application is entitled to the benefit of the filing date;
- (4) the present application constitutes a continuation-in-part of U.S. patent application Ser. No. 13/373,684 (Atty. Docket No. SE1-0543-US), entitled “Behavioral Fingerprint Controlled Automatic Task Determination”, naming Marc E. Davis, Matthew G. Dyor, Daniel A. Gerrity, Xuedong (XD) Huang, Roderick A. Hyde, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud, Nathan Myhrvold, and Clarence T. Tegreene, as inventors, filed on Nov. 23, 2011, which is currently co-pending, or is an application of which a currently co-pending application is entitled to the benefit of the filing date;
- (5) the present application constitutes a continuation-in-part of U.S. patent application Ser. No. 13/373,680 (Atty. Docket No. SE1-0544-US), entitled “Behavioral Fingerprint Controlled Theft Detection and Recovery”, naming Marc E. Davis, Matthew G. Dyor, Daniel A. Gerrity, Xuedong (XD) Huang, Roderick A. Hyde, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud, Nathan Myhrvold, and Clarence T. Tegreene, as inventors, filed on Nov. 23, 2011, which is currently co-pending, or is an application of which a currently co-pending application is entitled to the benefit of the filing date;
- (6) the present application constitutes a continuation-in-part of U.S. patent application Ser. No. 13/373,677 (Atty. Docket No. SE1-0545-US), entitled “Trust Verification Schema Based Transaction Authorization”, naming Marc E. Davis, Matthew G. Dyor, Daniel A. Gerrity, Xuedong (XD) Huang, Roderick A. Hyde, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud, Nathan Myhrvold, and Clarence T. Tegreene, as inventors, filed on Nov. 23, 2011, which is currently co-pending, or is an application of which a currently co-pending application is entitled to the benefit of the filing date;
- (7) the present application constitutes a continuation-in-part of U.S. patent application Ser. No. 13/373,682 (Atty. Docket No. SE1-0546-US), entitled “Social Network Based Trust Verification Schema”, naming Marc E. Davis, Matthew G. Dyor, Daniel A. Gerrity, Xuedong (XD) Huang, Roderick A. Hyde, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud, Nathan Myhrvold, and Clarence T. Tegreene, as inventors, filed on Nov. 23, 2011, which is currently co-pending, or is an application of which a currently co-pending application is entitled to the benefit of the filing date;
- (8) the present application constitutes a continuation-in-part of U.S. patent application Ser. No. 13/475,564 (Atty. Docket No. SE1-0547-US), entitled “Behavioral Fingerprint Based Authentication”, naming Marc E. Davis, Matthew G. Dyor, Daniel A. Gerrity, Xuedong (XD) Huang, Roderick A. Hyde, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud, Nathan Myhrvold, and Clarence T. Tegreene, as inventors, filed on May 18, 2012, which is currently co-pending, or is an application of which a currently co-pending application is entitled to the benefit of the filing date; and
- (9) the present application constitutes a continuation-in-part of U.S. patent application Ser. No. 13/538,385 (Atty. Docket No. SE1-0548-US), entitled “Network Acquired Behavioral Fingerprint for Authentication”, naming Marc E. Davis, Matthew G. Dyor, Daniel A. Gerrity, Xuedong (XD) Huang, Roderick A. Hyde, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud, Nathan Myhrvold, and Clarence T. Tegreene, as inventors, filed on Jun. 29, 2012, which is currently co-pending, or is an application of which a currently co-pending application is entitled to the benefit of the filing date.
The United States Patent Office (USPTO) has published a notice to the effect that the USPTO's computer programs require that patent applicants reference both a serial number and indicate whether an application is a continuation or continuation-in-part. Stephen G. Kunin, Benefit of Prior-Filed Application, USPTO Official Gazette Mar. 18, 2003, available at http://www.uspto.gov/web/offices/com/sol/og/2003/week11/patbene.htm. The present Applicant Entity (hereinafter “Applicant”) has provided above a specific reference to the application(s) from which priority is being claimed as recited by statute. Applicant understands that the statute is unambiguous in its specific reference language and does not require either a serial number or any characterization, such as “continuation” or “continuation-in-part,” for claiming priority to U.S. patent applications. Notwithstanding the foregoing, Applicant understands that the USPTO's computer programs have certain data entry requirements, and hence Applicant is designating the present application as a continuation-in-part of its parent applications as set forth above, but expressly points out that such designations are not to be construed in any way as any type of commentary and/or admission as to whether or not the present application contains any new matter in addition to the matter of its parent application(s).
FIELD OF INVENTION
This invention relates generally to the field of relationship based trust verification schema based on behavioral fingerprints of network accessible users.
SUMMARY
For certain example embodiments, a computationally-implemented method may include, but is not limited to: receiving at a computer device one or more behavioral fingerprints associated with one or more network accessible users; receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users. In addition to the foregoing, other example method aspects are described or included in the claims, drawings, and written description forming a part of the present disclosure.
In one or more various aspects, related systems may include, but are not limited to, circuitry and/or programming for effecting the herein referenced method aspects; the circuitry and/or programming can be virtually any combination of hardware, software, and/or firmware in one or more machines or articles of manufacture configured to effect the herein-referenced method aspects depending upon the design choices of a system designer.
For certain example embodiments, a computationally-implemented system may include, but is not limited to: means for receiving at a computer device one or more behavioral fingerprints associated with one or more network accessible users; means for receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and means for transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users. In addition to the foregoing, other example system aspects are described or included in the claims, drawings, and written description forming a part of the present disclosure.
For certain example embodiments, a computationally-implemented system may include, but is not limited to: circuitry for receiving at a computer device one or more behavioral fingerprints associated with one or more network accessible users; circuitry for receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and circuitry for transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users. In addition to the foregoing, other example system aspects are described or included in the claims, drawings, and written description forming a part of the present disclosure.
For certain example embodiments, with at least one processor-accessible medium bearing processor-executable instructions, the processor-executable instructions may include, but are not limited to: one or more instructions for receiving at a computer device one or more behavioral fingerprints associated with one or more network accessible users; one or more instructions for receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and one or more instructions for transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users. In addition to the foregoing, other example processor-accessible medium aspects are described or included in the claims, drawings, and written description forming a part of the present disclosure.
For certain example embodiments, a computer program product comprises an article of manufacture that may bear, among other instructions: one or more instructions for receiving at a computer device one or more behavioral fingerprints associated with one or more network accessible users; one or more instructions for receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and one or more instructions for transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users. In addition to the foregoing, other example computer program product aspects are described or included in the claims, drawings, and written description forming a part of the present disclosure.
For certain example embodiments, a method may relate to handling an authentication request using at least one behavioral-fingerprint-generated trust verification schema, with the method including, but not being limited to: receiving at a computer device one or more behavioral fingerprints associated with one or more network accessible users; receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users, wherein at least one of the receiving the one or more behavioral fingerprints, the receiving the authentication request, or the transmitting the decision is performed via at least one of a machine, an article of manufacture, or a composition of matter.
The foregoing summary is illustrative only and is not intended to be in any way limiting. In addition to the illustrative aspects, embodiments, and features described above, further aspects, embodiments, and features will become apparent by reference to, e.g., the drawings, the claims, and the following detailed description.
In the following detailed description, reference is made to the accompanying drawings, which form a part hereof. In the drawings, similar symbols typically identify similar components, unless context dictates otherwise. The illustrative embodiments described in the detailed description, drawings, and claims are not meant to be limiting. Other embodiments may be utilized, and other changes may be made, without departing from the spirit or scope of the subject matter presented here.
Advances in computing technologies and related technologies (e.g., visual display technology, battery technology, etc.) resulted in the development of computing devices with tremendous processing power and relatively small form factors. Examples of such computing devices include, for example, laptops, Netbooks, tablet computers (i.e., “slate” computers), e-readers, smartphones, and so forth. Having a small form factor with tremendous processing power presents numerous opportunities for developing applications that previously required desktop computers or other stationary devices. One problem with the numerous applications available on a small form factor is that authentication becomes paramount. For example, if an application enables a mobile phone or a smartphone or a computing device, such as a key fob to open doors to a home, it is important to determine that the user of the device/phone/fob is the true owner. For example,
Embodiments herein are directed to enabling authentication and verification to be determined based on a behavioral fingerprint of the true owner of a device.
In accordance with various embodiments, computationally implemented methods, systems, and articles of manufacture are provided that can determine a level of authentication of a first user of a computing device; and in response to determining the level of authentication, automatically enable one or more actions as a function of the level of authentication. In various embodiments, such computationally implemented methods, systems, and articles of manufacture may be implemented at the computing device and/or a computer server networked to a computing device.
Referring now to
Referring to
Although the computing device 10 illustrated in
The first user 20 can be an authorized user of computing device 10 or a person who has no connection to the computing device 10. In an embodiment, a level of authentication and/or a behavioral fingerprint can be determinative of the accessibility of computing device 10. In an embodiment, computing device 10 determines a level of authentication of first user 20 of a computing device 10. In an embodiment, computing device 10 uses the level of authentication to enable or disable automatic functions of the computing device 10. For example, computing device 10 can be configured to automatically open doors to a home, car, or other authorized user-designated item, depending on the level of authentication of the computing device at that time.
In accordance with an embodiment, the level of authentication determination relies at least in part on the behavioral fingerprint of one or more authorized users of computing device 10. The behavioral fingerprint can be determined based on statistical calculations on social network collected data, sensor-provided data, user input and/or a combination of such data. Thus, the level of authentication can be affected by a behavioral fingerprint of an authorized user of computing device 10, which may include social network collected data. The level of authentication can also be affected by various aspects at the time computing device 10 is turned on, such as aspects surrounding computing device 10 and/or aspects of the computing device itself (e.g., movements or detected images). For example, when the computing device 10 of
For example, a manufacturer of computing device 10 may be able to override a behavioral fingerprint of an authorized user of computing device 10 via the level of authentication, by entering a secret code, such as a manufacturer's accessibility code or the like in order to perform work on computing device 10.
In one or more embodiments, first user 20 can be a network-accessible user for which computing device 10 is just one of many network-accessible devices that network-accessible user 20 may use to access the internet, a cloud server, a mobile network or the like. A network-accessible user can be an owner and/or operator of computing device 10 and other devices. According to an embodiment, network-accessible user 20 can have a behavioral fingerprint that exists outside of computing device 10, that can exist in a cloud computing system for which servers 30 are connected. Devices 30 can further have a presence in the cloud computing system to enable the embodiments described herein. For example, each of devices 30 can be a network-accessible device to which network-accessible user 20 could be connected. Thus, network-accessible user 20 could be a user of one or several devices simultaneously. Network-accessible user 20 could also be a user of a public computing device, for example, if none of devices 30 are available to network-accessible user.
Referring now to
In various embodiments, the level of authentication module 102 of
Note that although
In various embodiments, the memory 114 of the computing device 10 of
Turning now to
The behavioral fingerprint catalogue or library of anomalous actions may be stored as part of behavioral fingerprint library 170 stored in memory 114 (see
In some embodiments, the computing device 10 may include logic that is designed to determine data from a combination of sensors 120 (e.g., of
Alternatively or additionally, in some embodiments, the computing device 10 may be endowed with a facial recognition system (e.g., facial recognition software) that when employed with one or more image capturing devices 204 may be used in order to determine the presence or absence of a face associated with an owner of computing device 10 and compare to the first user 20. If the face associated with the owner of computing device 10 does not match first user 20 then a determination may be made to alter the level of authentication associated with first user 20. In addition to face recognition, other logic can include using the field of view of image capturing device 16 or audio capturing devices of the computing device 10 to identify an authorized user of computing device through other recognition processes, such as fingerprint, retina, voice verification, global positioning system (GPS) locating of the owner of computing device 10 or other personal identification.
In various embodiments, the one or more items that access may be restricted to may be one or more electronic items that may have been open or running prior to a level of authentication change of the computing device 10 and/or electronic items that were accessible through the computing device 10 (e.g., electronic documents and files that were stored in the computing device 10) prior to an alteration of the level of authentication of the computing device 10.
Statistical level determination module 218 may be configured to apply statistical algorithms, comparative analysis, statistical probability functions, and the like to determine a statistical level of authentication for computing device 10. In one embodiment, statistical level determination module 218 may apply a weighting function, which determines a level of authentication based on received data from scanners, and other devices, and a behavioral fingerprint, with each received data having a predetermined weight regarding relevance to authentication. Statistical level determination module 218 may additionally or alternatively analyze anomalous actions to determine or infer the level of authentication. To further determine or at least infer that the computing device 10 should have a low level of authentication, statistical examination/analysis of the detected anomalous action movements of the computing device 10 may involve comparing the detected anomalies of the computing device 10 with catalogued or library anomalous action movements (which may be stored in the memory 114 of the computing device 10) that are identified as being movements associated with, for example, a transfer of computing device 10, a dropping of computing device 10, an action incompatible with the stored predicted actions of an authorized user, or an alert received from a social network that an expected or previously possessory authorized user does not have possession of computing device 10.
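The weighting function and the anomalous-action library described above can be sketched as follows. This is an added example, not code from the application: the signal names, weights, penalties and tier thresholds are assumed values chosen for illustration.

```python
import math

# Assumed predetermined weights: relevance of each data source to authentication.
SIGNAL_WEIGHTS = {
    "face_match": 0.35,
    "voice_match": 0.20,
    "gps_expected_location": 0.15,
    "behavioral_fingerprint": 0.30,
}

# Assumed library of catalogued anomalous actions and the penalty each applies.
ANOMALY_PENALTIES = {
    "device_transfer": 0.40,
    "device_dropped": 0.10,
    "action_outside_predicted_behavior": 0.25,
    "social_network_loss_alert": 0.60,
}

# Assumed thresholds mapping a score in [0, 1] to a level of authentication.
TIERS = ((0.75, "high"), (0.40, "medium"), (0.0, "low"))

# Constructed sample reading with every sensor reporting.
FULL_SIGNALS = {
    "face_match": 0.9,
    "voice_match": 0.8,
    "gps_expected_location": 1.0,
    "behavioral_fingerprint": 0.9,
}


def level_of_authentication(signals, anomalies=()):
    """Weighted score in [0, 1], reduced by every catalogued anomaly observed."""
    unknown = set(signals) - set(SIGNAL_WEIGHTS)
    if unknown:
        # A source with no predetermined weight must not influence the result.
        raise ValueError(f"unweighted signal(s): {sorted(unknown)}")
    score = 0.0
    for name, weight in SIGNAL_WEIGHTS.items():
        # Fail closed: a missing signal contributes 0 instead of being
        # normalised away, so covering a camera cannot raise the score.
        value = signals.get(name, 0.0)
        if not (isinstance(value, (int, float)) and math.isfinite(value)
                and 0.0 <= value <= 1.0):
            raise ValueError(f"signal {name!r} out of range: {value!r}")
        score += weight * value
    score /= sum(SIGNAL_WEIGHTS.values())
    # Compare detected actions with the library; repeated reports of the
    # same action are counted once, and uncatalogued actions are ignored.
    for action in set(anomalies):
        score *= 1.0 - ANOMALY_PENALTIES.get(action, 0.0)
    return score


def tier(score):
    """Map a score to the assumed high / medium / low levels."""
    for floor, label in TIERS:
        if score >= floor:
            return label
    return "low"


if __name__ == "__main__":
    normal = level_of_authentication(FULL_SIGNALS)
    alerted = level_of_authentication(FULL_SIGNALS, ["social_network_loss_alert"])
    no_camera = {k: v for k, v in FULL_SIGNALS.items() if k != "face_match"}
    print(tier(normal), tier(alerted), tier(level_of_authentication(no_camera)))
```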
Computing device 10 may maintain in its memory 114 (see
Behavioral fingerprint interaction module 210 may receive data from behavior fingerprint module 106/106a and/or behavioral fingerprint library 170. Behavioral fingerprint interaction module 210 can apply the data relating to one or more behavioral fingerprints of authorized users to determine a level of authentication. More particularly, level of authentication module 102/102a may be configured to receive a behavioral fingerprint as a list of activities, warnings, anomalous actions, and the like. Specific details related to the level of authentication module 102/102a as well as the above-described sub-modules of the level of authentication module 102 will be provided below with respect to the operations and processes to be described herein.
Referring now to
As illustrated, the access restricting module 104/104a may include one or more sub-logic modules in various alternative implementations. For example, in various implementations, the access restricting module 104/104a may include a partial access providing module 232, a no access module 234, a viewing access restricting module 236 (which may further include a visual hiding module 237 that may further include a visual replacing module 238), an audio access restricting module 240 (which may further include an audio hiding module 241 that may further include an audio replacing module 242), an editorial restricted format presenting module 245, a functional restricting format presenting module 250, an open item ascertaining module 252, a document access restricting module 254 (which may further include a productivity document access restricting module 255, a message access restricting module 256, an image document access restricting module 257, and/or an audio document access restricting module 258), and/or a password access restricting module 262. As further illustrated in
An example of how access restricting module 104/104a operates includes determining whether one or more productivity documents are word processing documents and then restricting access to such items may involve hiding or disguising representations of the documents in a directory (e.g., deleting document names or subject headings in the directory or replacing the document names or subject headings in the directory with pseudo-names or subject headings). Alternatively, a non-editable form of the documents may be presented in order to restrict access to such documents. If, on the other hand, the one or more items are one or more software applications, then restricting access to such items may involve denying use of one or more functionalities associated with the items (e.g., applications). For example, if the one or more items include a word processing application, then restricting access to such an application may involve, although allowing general access to such an application, disabling one or more editing functions of the application.
One way to monitor actions taken by first user 20 with respect to computing device 10 is to directly detect such actions using one or more sensors shown in
Referring now to
In various embodiments, logic modules level of authentication module 102c, the behavioral fingerprint module 106c, the access restricting module 104c, and the alert generating module 108c of the computer server 30 of
Note that
In various embodiments, the memory 114c of the computer server 30 of
Referring now to
As shown,
Social network library 302 may be configured to store interactions between authorized users and other entities. For example, one or more social networks may include Facebook™, Twitter™, Pinterest™, Google+™, Myspace™, Foursquare™, Flickr™, Classmates.com™, Match.com™, and so forth. A social network library 302 may be configured to store messages from one or more social networks such that a behavioral fingerprint module 106/106a may determine if action needs to be taken based on the messages. For example, an authorized user of a computing device 10 or another device via computer server 30 or over network 50 may post a message via a social network that computing device 10 is no longer under his/her control. Computing device 10 may automatically receive such a post over a network connection, e.g. from computer server 30 via network interface 112/112c, at a social network library 302, which may create a low level of authentication for first user 20, possibly before first user 20 attempts to use computing device 10. A higher level of authentication may be reestablished by an authorized user of computing device 10 after return of possession of computing device 10 in order for an authorized user to have full functionality of computing device 10 or to restore a prior level of authentication or the like.
A social network library 302 may identify any messages with indicative aspects relative to authentication. A social network library 302 may be configured to identify key words, such as “stolen” or “lost” and pass on a warning notification to a behavioral fingerprint module 106/106a/102c or a level of authentication module 102/102a/102c for further processing. In an example embodiment, a social network library 302 may apply a search algorithm to identify key words to assist in determining behaviors that are authentication positive or authentication negative. For example, “stolen” or “lost” may be deemed to comprise authentication negative key words. Conversely, a current message from a current “friend” on Facebook™ and a response using computing device 10 may be deemed to comprise an authentication positive action or actions. Indications that an authorized user of computing device 10 is interacting with previously verified and identified “friends” on Facebook™ may be deemed authentication positive.
For certain example embodiments, a social network library 302 may include at least one trust verification schema 303 as shown in
As illustrated in
For certain example embodiments, a trust verification schema 303 may be created via one or more behavioral fingerprints that include data for a first user 20 as a network accessible user. A schema may be created by mapping data from a behavioral fingerprint for user 20. Arrows 390 (only a portion of which are explicitly identified by reference number in
For certain example embodiments, a trust verification schema 303 may be used to authenticate transactions of any or each of User A, User B, or User C. In certain example implementations, for each behavioral fingerprint, a level of authentication may be associated therewith. Behavioral fingerprints may enable a social graph to be generated as shown by example schema 303. Additionally or alternatively, a level of authentication for each of Users A, B, or C may be linked based at least partially on schema 303. By way of example but not limitation, as shown by example schema 303 in
For certain example embodiments, a trust verification schema 303 that maps social relationships such as familial/friendship/professional/etc. relationships between or among people or other entities may comprise, by way of example only, a connected child and parent table that stores records, e.g. in a database. Stored records, which may include indicators as to e.g. family or other social connections, may be updated using behavioral fingerprints. With cryptographic protection, for example, different users may have their respective records accessed simultaneously as if they are effectively one record, e.g. in accordance with a mapping represented by or implemented using a schema 303. For certain example implementations, social connections that imply tiered/level relationships may be extracted from one or more behavioral fingerprints associated with one or more network accessible users, including but not limited to those behavioral fingerprints that are updated by monitoring interactions with or by polling/querying/scraping of at least one social network.
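A connected parent and child table of this kind, and a decision on a proposed transaction derived from it, can be sketched with SQLite. This is an added example, not code from the application: the table and column names, the sample users and levels, and the approval policy (both parties known, connected within a hop limit, and each at or above a minimum level of authentication) are assumptions.

```python
import sqlite3

DDL = """
CREATE TABLE user (
    user_id TEXT PRIMARY KEY,
    level_of_authentication REAL NOT NULL
        CHECK (level_of_authentication BETWEEN 0 AND 1)
);
CREATE TABLE relationship (
    parent_id TEXT NOT NULL REFERENCES user(user_id),
    child_id  TEXT NOT NULL REFERENCES user(user_id),
    kind      TEXT NOT NULL,            -- e.g. family, friendship, professional
    PRIMARY KEY (parent_id, child_id)
);
"""

# Constructed sample records: levels as derived from behavioral fingerprints.
USERS = [("A", 0.9), ("B", 0.8), ("C", 0.3), ("D", 0.95)]
RELATIONSHIPS = [("A", "B", "family"), ("B", "C", "professional")]


def build_schema(users, relationships):
    """Create the in-memory relational mapping from fingerprint-derived records."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(DDL)
    db.executemany("INSERT INTO user VALUES (?, ?)", users)
    db.executemany("INSERT INTO relationship VALUES (?, ?, ?)", relationships)
    return db


def update_level(db, user_id, level):
    """Apply an updated behavioral fingerprint to a stored record."""
    db.execute("UPDATE user SET level_of_authentication = ? WHERE user_id = ?",
               (level, user_id))


def hops_between(db, a, b, max_hops=2):
    """Fewest relationship hops from a to b (edges walked both ways), or None."""
    row = db.execute(
        """
        WITH RECURSIVE reach(user_id, hops) AS (
            SELECT ?, 0
            UNION
            SELECT CASE WHEN r.parent_id = reach.user_id
                        THEN r.child_id ELSE r.parent_id END,
                   reach.hops + 1
            FROM reach JOIN relationship r
              ON reach.user_id IN (r.parent_id, r.child_id)
            WHERE reach.hops < ?
        )
        SELECT MIN(hops) FROM reach WHERE user_id = ?
        """,
        (a, max_hops, b),
    ).fetchone()
    return row[0]


def decide(db, requester, counterparty, min_level=0.6, max_hops=2):
    """Return (approved, reason) for a proposed transaction between two users."""
    levels = dict(db.execute(
        "SELECT user_id, level_of_authentication FROM user WHERE user_id IN (?, ?)",
        (requester, counterparty)))
    for user in (requester, counterparty):
        if user not in levels:
            return False, f"unknown user: {user}"
    if hops_between(db, requester, counterparty, max_hops) is None:
        return False, "no relationship within hop limit"
    for user in (requester, counterparty):
        if levels[user] < min_level:
            return False, f"level of authentication too low: {user}"
    return True, "approved"


if __name__ == "__main__":
    db = build_schema(USERS, RELATIONSHIPS)
    for pair in (("A", "B"), ("A", "C"), ("A", "D")):
        print(pair, decide(db, *pair))
```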
As will be appreciated by those of skill in the art with the benefit of the present application, key lengths can change over time as computing capabilities change and progress. As such, the key lengths described herein are exemplary only and not intended to be limiting in any way. Cryptographic library 308 can receive data from social networks or designated sources to create a key pair or to regenerate a key or key pair. For example, as part of an authorized user's behavioral fingerprint, the authorized user could assign parts of a key, either asymmetric or symmetric, to several “friends” on a social network. In the current state of the art, an asymmetric key could include a “public key” and would not need to be kept secret, and a symmetric key could include a “private key” or a “secret” which would need to be protected. For purposes of the present application, in embodiments presented herein, the terms “asymmetric key,” “public key,” and “private key” contemplate possible changes in cryptography algorithms for which different types of asymmetric keys could require protection. Furthermore, embodiments herein contemplate the re-emergence and/or generation of cryptography systems wherein cryptographic keys may be made public and the specific cryptographic algorithms used to generate cryptographic keys may need to be kept secret. For example, in an attempt to thwart piracy, some computer gaming software systems now execute certain security code(s) on a remote server instead of the local device. In this case, the data may be known, but the code implementing the algorithm is kept secret. The use of the terms asymmetric, public, and private should not be interpreted as restricted to the current form of public/private key pair encryption, but rather to the general case of establishing a means of secure communication with some aspect being kept secret. For example, key encryption may be either symmetrical or asymmetrical, with some aspect being known. 
If an anomalous event occurs which causes the authorized user's behavioral fingerprint to be compromised, an authorized user can reestablish a behavioral fingerprint by notifying each designated “friend” in the social network to send a portion of a key, so that when the key is regenerated, the behavioral fingerprint is rebuilt.
Referring to
Initialization module 312 may be configured to determine an initial behavioral fingerprint associated with an authorized user. The initial behavioral fingerprint can be based on data entered by the authorized user, data received from behavioral fingerprint library 170, and data received from sensor[s] 120.
Fingerprint build/degradation module 314 may be configured to determine whether the initial behavioral fingerprint should be altered due to data received from behavioral fingerprint library 170 or sensor[s] 120.
Fingerprint generation module 316 may be configured to determine a current behavioral fingerprint for a first user 20 determined to be an authorized user attempting to operate computing device 10. Fingerprint generation module 316 can also be configured to determine a behavioral fingerprint for an established authorized user based on network received data while computing device 10 is connected to a network connection. In the case of fingerprint generation module 316 existing in a cloud computing setting or computer server 30, fingerprint generation module 316 may be configured to determine a network-based behavioral fingerprint for a plurality of users when first logging into network 50 or cloud computing logging to computer server 30.
A behavioral fingerprint can be determined before first user 20 handles computing device 10. In some embodiments, a manufacturer can set both a behavioral fingerprint and a level of authentication based on information received by first user 20 when ordering computing device 10 or first handling computing device 10, for example, received passwords and the like. In a computer server 30 environment, a behavioral fingerprint can be transferred from another device, such as devices 60. Whether the level of authentication or the behavioral fingerprint controls the accessibility and actions available to first user 20 depends on system requirements and can be adjusted. For example, a behavioral fingerprint may indicate that computing device 20 has been stolen, and, in such a case, the behavioral fingerprint library 170 could be configured to notify level of authentication module 102 of exigent circumstances requiring a reduced access to computing device 10. Likewise, computer server 30 could hold the behavioral fingerprint library 170c and notify a level of authentication module 102 and 102c of exigent circumstances.
Also, a behavioral fingerprint module 106/106a/106c may be configured to rebuild some type of asymmetric key pair or a Triple DES or AES type key after an anomalous event, and notify level of authentication module that an authorized user should have a level of authentication that allows access.
Behavioral fingerprint module 106/106a/106c can receive data related to various types of movements, actions and inputs related to computing device 10. For example, an initial behavioral fingerprint generated by behavioral fingerprint module 106/106a/106c could be configured to communicate to level of authentication logic module 102/102a/102c predetermined inputs to computing device 10 and/or computer server 30 to provide access.
Other examples of the type of movements, actions and inputs that may be tracked for purposes of determining a behavioral fingerprint may include, individually or in combination, those tracked using one or more sensors 120 that may be included with the computing device 10 as illustrated in
The type of access to be restricted in response to determining that the computing device 10 or computer server 30 has an altered level of authentication for first user 20 will depend on a number of factors including what types of actions are requested. For example, if the one or more items are one or more software applications (herein “applications”), then the access restriction may include restriction to one or more functionalities of the one or more applications. Alternatively, access restriction and disabling of the one or more applications in some cases may mean access to the one or more applications being completely blocked or hidden. In contrast, if the one or more items are one or more electronic documents (e.g., productivity documents, image or audio files, etc.), then the access restriction that may be applied to such items may relate to editorial access restrictions (e.g., restrictions to the modifications, deletion, addition, and so forth of the items) of the items as a function of the level of authentication. Likewise, automatic actions and tasks may be restricted or disabled as a function of the level of authentication.
In some cases, restricting access to the one or more items may mean restricting viewing access to the one or more items while in other cases it may mean restricting audio access to the one or more items. In some cases, restricting access to the one or more items may mean complete restriction to access of the one or more items and/or one or more actions, while in other cases, restricting access to the one or more items may mean only a partial restriction to access of the one or more items. In any event, a more detailed discussion related to the various types of access restrictions that may be applied to the one or more items will be provided below with respect to the operations and processes to be described herein.
In some embodiments, the computing device 10 in response to restricting access to the one or more items and preventing one or more automatic actions, may be designed to generate an alert that indicates that the computing device 10 has been reconfigured to restrict access to the one or more items and disable the one or more automatic actions. Note that in some embodiments, the alert can go back and forth between computer server 30 and computing device 10, depending on the source of the alert and the exigency of the alert.
A more detailed discussion related to the computing device 10 of
Further, in
In any event, after a start operation, the operational flow 400 of
In addition to level of authentication operation 404, operational flow 400 includes operation 406, determining via the computing device that the first user has made a request for performance of a task, for example, computing device 10 user interface 110 receiving an input from first user 10 to access an application 160 or the like. Operation 406 is followed by operation 408, performing the task automatically without interference by the first user as a function of the level of authentication of the first user. For instance, the level of authentication module 102/102a of the computing device 10 of
As will be further described herein, the level of authentication operation 404 of
As further illustrated in
Data from various types of sensors 120 may be used in order to determine a level of authentication of the computing device 10. For example, and as further illustrated in
In some implementations, operation 504 may include an operation 505 for storing the sensed one or more actions of the authorized user as further depicted in FIG. 5a. For instance, memory 114, including library of behavioral fingerprints 170 of the computing device 10 of
In the same or different implementations, operation 505 may include an operation 506 for detecting the one or more actions of the authorized user wherein the one or more actions of the authorized user include logging into one or more social networks. For instance, the level of authentication module 102/102a of the computing device 10 of
In the same or alternative implementations, operation 503 may include an operation 507 for detecting one or more keystrokes on the computing device to determine a pattern of use associated with the authorized user. For instance, the level of authentication module 102/102a of the computing device 10 of
Operations 503 may also include an operation 508 for detecting one or more manners for swiping input on the computing device to determine a pattern of use associated with the authorized user as depicted in
Operations 503 may also include an operation 509 for detecting one or more contacts frequently visited by the authorized user on the computing device to determine a visitation pattern associated with the authorized user as depicted in
In some cases, operation 503 may, in turn, include an operation 510, which provides for comparing a stored image of the authorized user to a detected image of the first user via a camera connected to the computing device. For instance, computing device 10 using behavioral fingerprint library 170, authorized user library 304 to store an image of an authorized user, and level of authentication module 102/102a and/or behavior fingerprint module 106/106a comparing the stored image of the authorized user with a received image of first user 20 via sensors 120, such as image capturing device 204.
Referring to operation 504, operation 504 can include operation 511 altering the level of authentication of the first user as a function of the statistical predictability of the one or more future actions of the authorized user. For instance, computing device 10 altering a level of authentication using level of authentication module 102/102a as a function of a statistical probability determined via statistical level determination module 218 to determine one or more future actions of the authorized user.
In the same or different implementations, operation 511 may include an operation 512 for lowering the level of authentication of the first user when the one or more actions of the first user includes a detected anomalous action as further depicted in
In various implementations, the operation 512 for lowering the level of authentication of the first user when the one or more actions of the first user includes a detected anomalous action may include operation 513 for detecting that the first user has performed an action uncharacteristic of the authorized user and/or that the first user has performed an action previously identified by the authorized user as being an action to cause lowering of the level of authentication. For instance, computing device 10, behavioral fingerprint library 170, anomalous activity library 306 alerting level of authentication module 102/102a and behavioral fingerprint library 106/106a of an action anomalous to a stored activity of anomalous activity library 306.
Operation 511 can further include operation 514 alerting a predetermined set of contacts if the statistical predictability of the one or more future actions of the authorized user causes a predetermined level of authentication of the first user. For instance, computing device 10 alerting a predetermined set of contacts via social network library 302 and network interface 112 after statistical level determination module 218 determines that the statistical predictability of one or more future actions of an authorized user causes a predetermined level of authentication of the first user 20. The predetermined level of authentication determined for first user 20 could be a determination that first user has stolen computing device 10, that first user 20 is on a list of users that are unauthorized, that first user 20 has entered several incorrect passwords or the like, which would cause a lowered level of authentication.
Operation 511 can further include operation 515 disabling one or more devices of the authorized user if the level of authentication is lowered to a predetermined level. For instance, computing device 10 disabling one or more devices for which computing device 10 has control when a level of authentication determined by level of authentication module 102/102a is altered to a lower predetermined level. The one or more devices can be configured to be automatically disabled without interference by first user 20 or the authorized user.
Operation 511 can further include operation 516 disabling a mobile device of the authorized user if the level of authentication is lowered to a predetermined level. For instance, computing device 10 disabling a mobile device when a level of authentication determined by level of authentication module 102/102a is altered to a lower predetermined level. The mobile device can be configured to be automatically disabled without interference by first user 20 or the authorized user.
Referring now to
In some implementations, operation 517 may further include an operation 518 for generating a security certificate associated with the authorized user based on a cryptographic key. For instance, cryptographic library 308 of computing device 10 generating a security certificate associated with the authorized user based on a cryptographic key such as a triple DES, AES or an asymmetric key pair, such as a private/public key pair. In doing so, the computing device 10 may store either a private or a public portion of the public/private key pair.
In some embodiments operation 518 may be followed by an operation 519 altering the cryptographic key to enable distribution of one or more altered forms of the cryptographic key to enable rebuilding of the cryptographic key via the gathered data from the at least one social network. For instance, a cryptographic key based on a public/private key pair could have the private key altered such that portions of the cryptographic key can be distributed to users/members/friends on at least one social network such as social networks stored via social network library 302 and the portions can later be gathered from the users/members/friends of the social network.
In various embodiments, operation 517 for determining the level of authentication of the first user at least partially via a reconstructed key formed via gathered data from at least one social network includes operation 525 determining a private/public key pair including a private key and a public key. For instance, cryptographic library 308 determining a private/public key pair with a private key and a public key.
Operation 525 can be followed by operation 526 altering the private key to enable distribution of one or more components of the private key, each of the one or more components of the private key required for the reconstructed key. For instance, a cryptographic key based on a public/private key pair could have the private key separated into components of the cryptographic key for distribution of the one or more components so that the one or more components, or a combination thereof are required for the regenerated key.
Operation 526 can be followed by operation 527 distributing the one or more components of the private key to one or more members of a trusted group. For instance, cryptographic library 308 distributing via network interface 112 one or more components of the private key to one or more members of a trusted group, such as members of a group on one or more social networks stored on social network library 302.
In one implementation, operation 517 for determining the level of authentication of the first user at least partially via a reconstructed key formed via gathered data from at least one social network, can further include operation 528 determining the gathered data from the at least one social network via retrieving one or more components of the private key required for the reconstructed key from one or more members of a trusted group via the at least one social network. For instance, cryptographic library 308 gathering data via network interface 112 one or more components of the private key from one or more members of a trusted group, such as members of a group of at least one social network stored on social network library 302.
In one implementation, operation 517 can further include operation 529 requesting each of the one or more members of the trusted group for the one or more components of the private key, each of the one or more members having a level of authentication previously granted by the authorized user. For instance, computing device 10 requesting via network interface 112 each of one or more members of a trusted group holding one or more components of the private key generated by cryptographic library 308, and each of the one or more members stored in social network library 302, having a level of authentication previously granted by authorized user and stored in social network library 302.
In one embodiment, operation 517 can further include operation 530 determining one or more members of a trusted group from which to gather the gathered data, the one or more members of the trusted group belonging to the at least one social network, each of the one or more members capable of storing a component to enable forming the reconstructed key. For instance, computing device 10 determining one or more members of a trusted group via social network library 302, each of the one or more members being a member of a social network, and each of the one or more members capable of storing a component of a cryptographic key created via cryptographic library 308 such that the component can be gathered as gathered data to reconstruct the cryptographic key via cryptographic library 308.
As further illustrated in
As further illustrated in
In some implementations, operation 532 may include an operation 533 for restricting access via the computing device to one or more communication applications in response to the determining. For instance, the communication application access restriction module 266 (see
In some cases, the access restricting operation 531 restricting access via the computing device to one or more applications in response to the determining may include an operation 534 for restricting access via the computing device to one or more personal information manager applications in response to the determining. For instance, the personal information manager application access restriction module 267 (see
As further illustrated in
A more detailed discussion related to the computer server 30 of
Further, in
In any event, after a start operation, the operational flow 600 of
As will be further described herein, the behavioral fingerprint operation 604 of
As further illustrated in
Data from various types of sensors 120 may be used in order to determine a behavioral fingerprint to be stored on computer server 30 and computing device 10. For example, and as further illustrated in
In some implementations, operation 703 may include an operation 706 for storing the sensed one or more actions of the authorized user and the two or more designated internet available entities as further depicted in
In some implementations, operation 703 may include an operation 707 for detecting the one or more actions of the authorized user wherein the one or more actions of the authorized user include logging into one or more social networks as further depicted in
In the same or different implementations, operation 703 may include an operation 708 for mapping one or more locations of the authorized user and the two or more designated internet available entities. For instance, the level of authentication module 102/102a/102c of the computing device 10/computer server 30 of
In the same or alternative implementations, operation 703 may include an operation 709 for detecting contact pattern between the authorized user and the two or more designated internet available entities. For instance, the applications 160c running on a computer server/cloud computer servers 30 of
Operations 703 may also include an operation 710 for detecting one or more contacts frequently visited by the authorized user via one or more social networks to determine a visitation pattern associated with the authorized user as depicted in
Operations 703 may also include an operation 711 for storing, via the computer server, one or more locations visited by the authorized user, the one or more locations including one or more of physical locations and internet address-based locations as depicted in
Referring to operation 704, operation 704 can include operation 712 altering the behavioral fingerprint of the authorized user as a function of the sensed one or more actions of the authorized user and the two or more designated internet available entities. For instance, computer server 30 and/or computing device 10 altering a level of authentication using level of authentication module 102/102a/102c as a function of the sensed one or more actions of the authorized user and the two or more designated internet available entities.
In the same or different implementations, operation 712 may include an operation 713 for generating an alert as part of the behavioral fingerprint when the sensed one or more actions of the authorized user includes a detected anomalous action as further depicted in
In various implementations, the operation 713 for generating an alert may include operation 714 for transmitting the alert to the computing device. For instance, computer server 30 sending to computing device 10 via network interface 112c an alert to behavioral fingerprint library 170, anomalous activity library 306 alerting level of authentication module 102/102a and behavioral fingerprint library 106/106a of an action anomalous to a stored activity of anomalous activity library 306.
In various implementations, the operation 713 for generating an alert may include operation 715 for transmitting the alert to one or more applications running on a cloud computing system. For instance, computer server 30 operating in a cloud computing environment receiving the alert via network interface 112c.
In various implementations, operation 715 may include operation 716 for transmitting an alert to the two or more internet available entities via the cloud computing system. For instance, alerting a predetermined set of contacts via computer server 30 operating in a cloud environment if the statistical predictability of the one or more future actions of the authorized user causes an alert. For instance, computing device 10 or computer server 30 alerting a predetermined set of contacts via social network library 302 and network interface 112/112c after statistical level determination module 218 determines that the statistical predictability of one or more future actions of an authorized user detects an anomaly.
Operation 712 can further include operation 717 for notifying a predetermined set of contacts if the alert is generated by the authorized user. For instance, computer server 30 notifying one or more devices 60 when an alert is generated by an authorized user. The one or more devices can be configured to be automatically notified without interference by first user 20 or the authorized user.
Operation 712 can further include operation 718 for disabling one or more devices of the authorized user if the behavioral fingerprint alteration indicates that the one or more devices of the authorized user have been compromised with respect to authentication. For instance, computing device 10 disabling a mobile device when a behavioral fingerprint determined via library of behavioral fingerprints 170c and behavioral fingerprint module 106c is altered to an untrustworthy level. The devices 60 can be configured to be automatically disabled without interference by first user 20 or the authorized user.
Operation 712 can further include operation 719 for disabling, via the server, a mobile device of the authorized user if the behavioral fingerprint indicates that a level of authentication for the mobile device should be lowered to a predetermined level. For instance, computer server 30 disabling a mobile device or any device 60 when a behavioral fingerprint determined via library of behavioral fingerprints 170/170c and behavioral fingerprint module 106/106a/106c is altered to an untrustworthy level. The mobile device can be configured to be automatically disabled without interference by first user 20 or the authorized user.
Referring now to
In some implementations, operation 720 may further include an operation 721 for generating a security certificate associated with the authorized user based on a cryptographic key. For instance, cryptographic library 308 of computing device 10 generating a security certificate associated with the authorized user based on a cryptographic key such as a triple DES, AES or an asymmetrical key pair such as a private/public key pair. In doing so, the computer server 30 may store a private or a public portion of the public/private key pair.
In some embodiments operation 721 may be followed by an operation 722 altering the cryptographic key to enable distribution of one or more altered forms of the cryptographic key to enable rebuilding of the cryptographic key via the gathered data from the at least one social network. For instance, within computer server 30, a cryptographic key based on a public/private key pair could have the private key altered such that portions of the cryptographic key can be distributed to users/members/friends on at least one social network such as social networks stored via social network library 302 and the portions can later be gathered from the users/members/friends of the social network.
In various embodiments, operation 720 includes operation 728 for determining a private/public key pair including a private key and a public key. For instance, cryptographic library 308 determining a private/public key pair with a private key and a public key.
Operation 728 can be followed by operation 729 for altering the private key to enable distribution of one or more components of the private key, each of the one or more components of the private key required for the reconstructed key. For instance, a cryptographic key based on a public/private key pair could have the private key separated into components of the cryptographic key for distribution of the one or more components so that the one or more components are required for the regenerated key.
Operation 729 can be followed by operation 730 distributing the one or more components of the private key to one or more members of a trusted group. For instance, cryptographic library 308 distributing via computer server 30 network interface 112c one or more components of the private key to one or more members of a trusted group, such as members of a group on one or more social networks stored on social network library 302.
In one implementation, operation 720 for reconstructing the behavioral fingerprint of authorized user at least partially via a reconstructed key at least partially formed via data gathered from at least one social network, can further include operation 731 determining the gathered data from the at least one social network via retrieving one or more components of the private key required for the reconstructed key from one or more members of a trusted group via the at least one social network. For instance, cryptographic library 308 gathering data via network interface 112c of computer server 30 one or more components of the private key from one or more members of a trusted group, such as members of a group of at least one social network stored on social network library 302.
In one implementation, operation 731 can further include operation 732 for requesting each of the one or more members of the trusted group for the one or more components of the private key, each of the one or more members previously identified by the authorized user. For instance, computer server 30 requesting via network interface 112c each of one or more members of a trusted group holding one or more components of the private key generated by cryptographic library 308, and each of the one or more members stored in social network library 302, having a level of authentication previously granted by authorized user and stored in social network library 302.
In one embodiment, operation 720 can further include operation 733 determining one or more members of a trusted group from which to gather the gathered data, the one or more members of the trusted group belonging to the at least one social network, each of the one or more members capable of storing a component to enable forming the reconstructed key. For instance, computer server 30 determining one or more members of a trusted group via social network library 302, each of the one or more members being a member of a social network, and each of the one or more members capable of storing a component of a cryptographic key created via cryptographic library 308 such that the component can be gathered as gathered data to reconstruct the cryptographic key via cryptographic library 308.
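The split, distribute, gather and rebuild sequence of operations 525 to 530 (computing device 10) and 728 to 733 (computer server 30) is shown below as an added example, not code from the application. The application names no splitting method, so Shamir secret sharing is swapped in here as an assumption; setting the threshold equal to the group size gives the case where every component is required, and a smaller threshold is a generalization. The function names, the SHA-256 check value, the level numbers and the sample group are also assumptions.

```python
import hashlib
import hmac
import secrets

# Field modulus: the Mersenne prime 2**521 - 1, larger than any 256-bit key.
PRIME = 2**521 - 1


def eligible_members(trusted_group, min_level):
    """Members whose previously granted level of authentication is sufficient."""
    return sorted(m for m, level in trusted_group.items() if level >= min_level)


def split_key(key, members, threshold):
    """Split `key` so that any `threshold` members can rebuild it.

    Returns ({member: (x, y)}, digest). The digest is kept by the device or
    server so a rebuilt key can be checked before it is trusted.
    """
    if not 1 <= threshold <= len(members):
        raise ValueError("threshold must be between 1 and the group size")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key too large for the field")
    # Random polynomial of degree threshold-1 whose constant term is the key.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = {}
    for x, member in enumerate(members, start=1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation at x
            y = (y * x + c) % PRIME
        shares[member] = (x, y)
    return shares, hashlib.sha256(key).hexdigest()


def reconstruct_key(points, key_len, expected_digest):
    """Rebuild the key from gathered (x, y) components, or raise ValueError.

    Too few components, or a corrupted one, yields a wrong constant term,
    which is rejected by the length and digest checks.
    """
    points = list(points)
    if len({x for x, _ in points}) != len(points):
        raise ValueError("duplicate component")
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:  # Lagrange basis polynomial evaluated at 0
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    try:
        key = secret.to_bytes(key_len, "big")
    except OverflowError:
        raise ValueError("components do not rebuild a valid key") from None
    if not hmac.compare_digest(hashlib.sha256(key).hexdigest(), expected_digest):
        raise ValueError("rebuilt key does not match stored digest")
    return key


if __name__ == "__main__":
    # Constructed sample group: member name -> granted level of authentication.
    group = {"ann": 3, "ben": 3, "cat": 2, "dan": 3, "eve": 1}
    key = secrets.token_bytes(32)
    holders = eligible_members(group, min_level=2)
    shares, digest = split_key(key, holders, threshold=3)
    gathered = [shares[m] for m in ("ann", "cat", "dan")]
    print(reconstruct_key(gathered, 32, digest) == key)
```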
A more detailed discussion related to the computer server 30 of
Further, in
In any event, after a start operation, the operational flow 800 of
As will be further described herein, the controlling/disabling operation 802 of
As further illustrated in
Data from various types of sensors 120 may be used in order to determine a behavioral fingerprint to be stored on computer server 30 and computing device 10.
In some implementations, operation 903 may include an operation 904 for transmitting, from the network accessible theft detection system, an alert signal to at least one or more of a manufacturer of the one or more devices, a law enforcement agency, a trusted group identified by the network accessible user, and/or a social network, the alert signal including data identifying the one or more devices as further depicted in
In some implementations, operation 802 may include an operation 905 for determining the behavioral fingerprint via confirming an internet presence of the network accessible user of the one or more devices as further depicted in
In the same or different implementations, operation 905 may include operations 906, 907 and 908. Operation 906 includes sensing one or more actions of the network accessible user and two or more designated internet available entities. For instance, sensors 120 sensing actions of first user 20 as a network accessible user and sensing the actions of two or more designated internet available entities. In the same or alternative implementations, operation 905 may include an operation 907 for applying reliability criteria to the sensed one or more actions of the network accessible user and the two or more designated internet available entities to generate the behavioral fingerprint of the network accessible user. For instance, the applications 160c running on a computer server/cloud computer servers 30 of
Operations 905 may also include an operation 908 for transmitting the behavioral fingerprint to a theft detection system as depicted in
Referring now to
Operation 906 can include operation 910 for detecting the one or more actions of the network accessible user wherein the one or more actions of the network accessible user include logging into one or more social networks. For instance, detecting via sensors 120 one or more actions of first user 20 wherein the actions of the first user include logging into Facebook, Twitter or another social network.
Operation 906 can further include operation 911 for transmitting the sensed one or more actions of the network accessible user and the two or more designated internet available entities to the theft detection system, wherein the theft detection system is a network accessible third-party system. For instance, referring to
Operation 906 can further include operation 912 for detecting a contact pattern between the network accessible user and the two or more designated internet available entities. For instance, sensors 120 residing at computing device 10 and computer server 30 of
Operation 906 can further include operation 913 for detecting one or more contacts frequently visited by the network accessible user via one or more social networks to determine a visitation pattern associated with the network accessible user. For instance, memory 114c, including library of behavioral fingerprints 170c of the computer server 30 of
Operation 906 can also include operation 914 for transmitting the visitation pattern to the theft detection system. For instance, network interface 114 transmitting the visitation pattern to theft detection module 167c in computer server 30 over a network; or sensing the visitation pattern using sensors 120 and transmitting the pattern to theft detection module 167 or 167a within computing device 10.
Operation 906 may also include an operation 915 for transmitting one or more locations visited by the network accessible user to the theft detection system, the one or more locations including one or more of physical locations predicted as being appropriate for the network accessible user as depicted in
Referring now to
Operation 907 can include operations 916 and 917. In particular, operation 916 is for altering the behavioral fingerprint of the network accessible user as a function of the sensed one or more actions of the network accessible user and the two or more designated internet available entities. For instance, computer server 30 and/or computing device 10 altering a behavioral fingerprint using level of authentication module 102/102a/102c or behavioral fingerprint module 106/106a/106c as a function of the sensed one or more actions of the first user 20 and the two or more designated internet available entities. Operation 916 may be followed by an operation 917 for transmitting the altered behavioral fingerprint of the network accessible user to the theft detection system.
In the same or different implementations, operation 916 may include an operation 918 or operation 919. Operation 918 is for generating a disabling signal as part of the behavioral fingerprint when the sensed one or more actions of the network accessible user includes a detected anomalous action as further depicted in
In one implementation, operation 918 may include operation 920 for transmitting the disabling signal to the one or more devices. For instance, computing device 10 or computer server 30 transmitting via network interface 112/112c a disabling signal to one or more devices such as a computing device 10 or devices 60 shown in
In one implementation, operation 918 may include operation 921 for transmitting the disabling signal to one or more applications running on a cloud computing system. In one implementation, operation 921 may include operation 922 for transmitting the disabling signal to the two or more internet available entities via the cloud computing system. Operation 919, in one implementation, is for transmitting the disabling signal to the theft detection system. For instance, network interface 112/112c transmitting a disabling signal to theft detection module 167, 167a or 167c as appropriate.
In various implementations, the operation 916 may include various operations such as operations 923, 924, or 925.
Specifically, in an implementation, operation 923 is for notifying a predetermined set of contacts if the disabling signal is generated by the network accessible user. For instance, computer server 30 sending to computing device 10 via network interface 112c a disabling signal to behavioral fingerprint library 170 and anomalous activity library 306 to alert level of authentication module 102 and behavioral fingerprint library 106/106a of an action anomalous to a stored activity of anomalous activity library 306. In an embodiment, level of authentication module 102 can send out a disabling signal to one or more devices in accordance with a list of contacts stored in library 306. For instance, computer server 30 disabling a mobile device or any device 60 when a behavioral fingerprint determined via library of behavioral fingerprints 170c and behavioral fingerprint module 106c is altered to an untrustworthy level. The mobile device can be configured to be automatically disabled without interference by first user 20 or the authorized user.
Operation 924, in an implementation, is for disabling one or more devices of the network accessible user if the behavioral fingerprint alteration indicates that the one or more devices of the network accessible user have been compromised with respect to authentication. For instance, computer server 30 disabling a mobile device or any device 60 when a behavioral fingerprint determined via library of behavioral fingerprints 170c and behavioral fingerprint module 106c is altered to an untrustworthy level. The mobile device can be configured to be automatically disabled without interference by first user 20 or the authorized user.
Operation 925, in an implementation, is for disabling one of the one or more devices, wherein the device is a mobile device of the network accessible user if the behavioral fingerprint indicates that a level of authentication for the mobile device should be lowered to a predetermined level.
Referring now to
Operation 926, in an embodiment, can include operations 927 and 928. Operation 927 includes an implementation for generating a security certificate associated with the network accessible user based on a cryptographic key. For instance, cryptographic library 308 of computing device 10 generating a security certificate associated with the authorized user based on a cryptographic key such as a triple DES, AES or private/public key pair. In doing so, the computer server 30 may store either a private or a public portion of the public/private key pair.
Operation 928 includes altering the cryptographic key to enable distribution of one or more altered forms of the cryptographic key to enable rebuilding of the cryptographic key via the gathered data from the at least one social network. For instance, cryptographic library 308 of computing device 10 generating a security certificate associated with the authorized user based on a cryptographic key such as a triple DES, AES or private/public key pair. The cryptographic key based on a public/private key pair could have the private key altered such that portions of the cryptographic key can be distributed to users/members/friends of the network accessible user. Computer server 30 can determine one or more members of a trusted group via social network library 302, each of the one or more members being a member of a social network such as Facebook™ or the like, and each of the one or more members capable of storing a component of a cryptographic key created via cryptographic library 308 such that the component can be gathered as gathered data to reconstruct the cryptographic key via cryptographic library 308.
Operation 926 can further include in one implementation, operations 929, 930 and 931. Operation 929 includes determining a private/public key pair including a private key and a public key. For instance, network accessible user can generate a private/public key pair using an IMEI, or other device specific number, such as a serial number or the like.
Operation 926 can include operation 930, for altering the private key to enable distribution of one or more components of the private key, each of the one or more components of the private key required for the reconstructed key. For instance, cryptographic library 308 of computing device 10 generating a security certificate associated with the authorized user based on a cryptographic key such as a triple DES, AES or private/public key pair. The cryptographic key based on a public/private key pair could have the private key altered such that portions of the cryptographic key can be distributed to users/members/friends of the network accessible user on at least one social network such as social networks stored via social network library 302 and the portions can later be gathered from the users/members/friends of the social network by requesting from each of the members of the trusted group the one or more components.
Operation 926 can include operation 931 for distributing, by a network accessible theft detection system, the one or more components of the private key to one or more members of a trusted group. For instance, cryptographic library 308 of computing device 10 generating a security certificate associated with the authorized user based on a cryptographic key such as a triple DES, AES or private/public key pair. The cryptographic key based on a public/private key pair could have the private key altered such that portions of the cryptographic key can be distributed to users/members/friends of the network accessible user.
In one embodiment, operation 926 includes operation 932 for determining the gathered data from the at least one social network via retrieving, by the theft detection system, one or more components of the private key required for the reconstructed key from one or more members of a trusted group via the at least one social network. For instance, within computer server 30, a cryptographic key based on a public/private key pair could have the private key altered such that portions of the cryptographic key can be distributed to users/members/friends on at least one social network such as social networks stored via social network library 302 and the portions can later be gathered from the users/members/friends of the social network.
Operation 932 can include operation 933 for requesting, by the theft prevention system, each of the one or more members of the trusted group for the one or more components of the private key, each of the one or more members previously identified by the network accessible user. For instance, within computer server 30, a cryptographic key based on a public/private key pair could have the private key altered such that portions of the cryptographic key can be distributed to users/members/friends of the network accessible user on at least one social network such as social networks stored via social network library 302 and the portions can later be gathered from the users/members/friends of the social network by requesting from each of the members of the trusted group the one or more components.
Operation 926 can also include operation 934 for determining, by the theft prevention system, one or more members of a trusted group from which to gather the gathered data, the one or more members of the trusted group belonging to the at least one social network, each of the one or more members capable of storing a component to enable forming the reconstructed key. For instance, network accessible user determining members of a trusted group of friends or persons belonging to Facebook™ or Twitter™ or the like, wherein each of the trusted members is network accessible such that, if necessary, a component of a private key can be stored and recovered when needed to reconstruct a key. For instance, computer server 30 determining one or more members of a trusted group via social network library 302, each of the one or more members being a member of a social network, and each of the one or more members capable of storing a component of a cryptographic key created via cryptographic library 308 such that the component can be gathered as gathered data to reconstruct the cryptographic key via cryptographic library 308.
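Operations 928 through 934 describe altering a private key into components held by members of a trusted group, each component being required for the reconstructed key. The following is an added illustration, not code from the disclosure, which names no splitting algorithm: it uses an XOR-based n-of-n split, and the function names, member identifiers and the SHA-256 check value kept by the theft detection system are assumptions.

```python
"""n-of-n key splitting: every trusted-group member's component is required.

Added illustration. The XOR split, the names and the SHA-256 check value are
assumptions; the disclosure does not specify how the key is altered.
"""
import hashlib
import hmac
import secrets


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, members: list[str]) -> tuple[dict[str, bytes], str]:
    """Return one component per member plus a check value for later verification.

    All but the last component are uniformly random pads; the last is the key
    XORed with every pad. Any subset smaller than the full group is
    statistically independent of the key.
    """
    if len(members) < 2:
        raise ValueError("need at least two trusted members")
    if len(set(members)) != len(members):
        raise ValueError("member identifiers must be unique")
    components: dict[str, bytes] = {}
    running = key
    for member in members[:-1]:
        pad = secrets.token_bytes(len(key))
        components[member] = pad
        running = _xor(running, pad)
    components[members[-1]] = running
    # Assumed design choice: the system keeps only this digest, never the key.
    check = hashlib.sha256(key).hexdigest()
    return components, check


def reconstruct_key(gathered: dict[str, bytes], members: list[str], check: str) -> bytes:
    """Rebuild the key from the gathered data; fail closed on any gap or tampering."""
    missing = [m for m in members if m not in gathered]
    if missing:
        raise KeyError(f"components not yet gathered from: {missing}")
    lengths = {len(gathered[m]) for m in members}
    if len(lengths) != 1:
        raise ValueError("components differ in length")
    key = bytes(lengths.pop())  # all-zero start value
    for member in members:
        key = _xor(key, gathered[member])
    if not hmac.compare_digest(hashlib.sha256(key).hexdigest(), check):
        raise ValueError("reconstructed key does not match the stored check value")
    return key


if __name__ == "__main__":
    # Constructed sample: random bytes stand in for private key material.
    group = ["friend-a", "friend-b", "friend-c"]
    secret = secrets.token_bytes(32)
    parts, digest = split_key(secret, group)
    print("rebuilt ok:", reconstruct_key(parts, group, digest) == secret)
    partial = {m: parts[m] for m in group[:-1]}
    try:
        reconstruct_key(partial, group, digest)
    except KeyError as exc:
        print("incomplete gather rejected:", exc)
```

Because every component is required, losing contact with a single member makes the key unrecoverable; a threshold scheme would trade that strictness for availability.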
A more detailed discussion related to computing device 10/computer server 30 of
Further, in
For certain example embodiments, e.g. after a start operation, an operational flow 1000 of
For certain example embodiments, e.g. in addition to a behavioral fingerprint receiving operation 1001, an operational flow 1000 may include an operation 1002 for receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users as further illustrated in
For certain example embodiments, an operational flow 1000 of
As is described herein below, an example operational flow 1000 of
For certain example embodiments, in various implementations, an operation 1001 of
For certain example embodiments, as further illustrated in
For certain example embodiments, an operation 1102 may include an operation 1105 for detecting one or more locations visited by at least one of the one or more network accessible users, the one or more locations including one or more of physical locations or internet address-based locations. For certain example implementations, a computer device may detect one or more locations visited by at least one of the one or more network accessible users, the one or more locations including one or more of physical locations (e.g., an address, GPS coordinates or similar, a store or commercial establishment name, an individual's house, a neighborhood, a city, a combination thereof, etc.) or internet address-based locations (e.g., a URL, a web service, a cloud entity, a social network, a virtual world, a location within a virtual world, a combination thereof, etc.). An example instance may include data from various types of sensors 120 used in order to determine one or more locations visited by a first user 20, which locations may be stored on a computer server 30 or a computing device 10. Stored locations may be physical locations, internet addresses, or both.
For certain example embodiments, an operation 1001 may include an operation 1103 for applying at the computer device one or more reliability criteria to the sensed one or more actions of the one or more network accessible users to update the one or more behavioral fingerprints associated with the one or more network accessible users as further depicted in
For certain example embodiments, an operation 1103 may include an operation 1106 for altering at least one of the one or more behavioral fingerprints associated with the one or more network accessible users as a function of the sensed one or more actions of the one or more network accessible users and at least one internet available entity. For certain example implementations, a computer device may alter (e.g., change, update, add an action to, adjust a likelihood value of, issue or process an alert for, include a new contact in, increase a value representing a number of times an action has occurred for, a combination thereof, etc.) at least one behavioral fingerprint associated with one or more network accessible users as a function of one or more sensed actions of the one or more network accessible users and at least one internet available entity (e.g., another, different network accessible user; a cloud system; an email service provider; an interactive web site; a social network; an instant message participant; a texting participant; a social network member; a combination thereof; etc.). An example instance may include using one or more sensors 120 to sense actions of one or more network-accessible users and altering each behavioral fingerprint for each behavioral fingerprint module 106/106a/106c of each user. Altering may include determining a new behavioral fingerprint using sensed actions of one or more network-accessible users. Computer server 30 or computing device 10 may alter a behavioral fingerprint using a level of authentication module 102/102a/102c or a behavioral fingerprint module 106/106a/106c as a function of one or more sensed actions of a first user 20 and at least one internet available entity, which internet available entity may be specifically designated by a user.
Referring now to
For certain example embodiments, an operation 1002 may include an operation 1107 for relationally mapping the one or more behavioral fingerprints based at least partially on one or more relations between or among the one or more network accessible users as indicated by at least one social network. For certain example implementations, a computer device (e.g., a computing device 10, a computer server 30, another device 60, a combination thereof, etc.) may relationally (e.g., with respect to social relations such as family, friends, professional contacts, a combination thereof, etc.; with respect to technical relations such as machines, web/cloud/internet services, resources, a combination thereof, etc.; other forms or kinds of relations; some combination thereof; and so forth) map (e.g., discern, determine, record, a combination thereof, etc. a number of connections, types of connections, endpoints for connections, strengths of connections, a combination thereof, etc.) the one or more behavioral fingerprints based at least partially on one or more relations (e.g., family relations, friendship relations, professional relations, machine relations, web/cloud/internet service relations, resource relations, a combination thereof, etc.) between or among the one or more network accessible users as indicated by at least one social network (e.g., including, inter alia, at least one relational connection determinable via at least one social network). An example instance may include, with reference to
For some example implementations, an operation 1107 may include any one or more of operation 1108, 1109, 1110, 1111, or 1112. For certain example embodiments, an operation 1107 may include an operation 1108 for receiving data at the computer device from the at least one social network, the received data indicating one or more relations between or among the one or more network accessible users. For certain example implementations, a computer device may receive data from at least one social network (e.g., by intercepting social network communications originating from or destined for a network accessible user, in response to a query to a social network, in response to a request in accordance with a specialized protocol or API offered by a social network for relationship data, by monitoring public social network feeds, by scraping or harvesting from a social network website, a combination thereof, etc.), with the received data (e.g., relationship data including explicit relational connections, relational connections derived from relationship data, relationship data that can be used to extract relational connections by processing it, a combination thereof, etc.) indicating one or more relations between or among the one or more network accessible users. An example instance may include, with reference to
For certain example embodiments, an operation 1108 may be followed by an operation 1109 for mapping at the computer device one or more relationships that are extant between or among the one or more network accessible users based at least partially on the indicated one or more relations between or among the one or more network accessible users. For certain example implementations, a computer device may map (e.g., determine, discern, detect, identify, record, align, place in a data structure, graph, a combination thereof, etc. connections, linkages, associations, tiers, levels, common aspects, a combination thereof, etc. representing) one or more relationships (e.g., family, friendship, professional, machine, service, resource, a combination thereof, etc. relationships) that are extant between or among the one or more network accessible users based at least partially on the indicated one or more relations between or among the one or more network accessible users. An example instance may include mapping a trust verification schema 303 as shown in
For certain example embodiments, an operation 1107 may include an operation 1110 for determining at the computer device via the at least one social network that at least one respective network accessible user of the one or more network accessible users has at least one corresponding behavioral fingerprint of the one or more behavioral fingerprints. For certain example implementations, a computer device may determine via at least one social network that at least one respective network accessible user of one or more network accessible users has (e.g., is associated with, is registered to, is capable of configuring, is capable of restricting, is capable of authorizing access to, is assigned to be characterized by, a combination thereof, etc.) at least one corresponding behavioral fingerprint of the one or more behavioral fingerprints. An example instance may include a computer 30 receiving data via network interface 112c from one or more of Twitter™, Facebook™, LinkedIn™, or the like to confirm available behavioral fingerprint data via social network library 302.
For certain example embodiments, an operation 1110 may be followed by an operation 1111 for determining at the computer device if the at least one corresponding behavioral fingerprint is maintained by the at least one respective network accessible user of the one or more network accessible users. For certain example implementations, a computer device may determine if at least one corresponding behavioral fingerprint is maintained by the at least one respective network accessible user of the one or more network accessible users (e.g., determine if the at least one corresponding behavioral fingerprint is kept current, still made accessible, updated periodically, a combination thereof, etc.). An example instance may include a computer server 30 receiving data via a network interface 112c from one or more of Twitter™, Facebook™, LinkedIn™, or the like to confirm current behavioral fingerprint data via social network library 302. Each behavioral fingerprint of each network accessible user, such as a first user 20, may be checked to confirm a minimum level of currency or recency of updating/accessing.
For certain example embodiments, an operation 1111 may be followed by an operation 1112 for relationally mapping by the computer device at least a subset of the one or more network accessible users for which the at least one corresponding behavioral fingerprint is maintained by the at least one respective network accessible user. For certain example implementations, a computer device may relationally map (e.g., identify, store, discover, ascertain, a combination thereof, etc. one or more social or technical connections for) at least a subset (e.g., at least a portion, at least a group, at least a sub-group, a combination thereof, etc.) of the one or more network accessible users for which the at least one corresponding behavioral fingerprint is maintained by the at least one respective network accessible user. An example instance may include mapping connections between or among users A, B, or C as shown in
For certain example embodiments, an operation 1002 may include an operation 1113 for identifying by the computer device one or more relations between or among the one or more network accessible users. For certain example implementations, a computer device may identify one or more relations (e.g., family relations, friendship relations, professional relations, machine relations, web/cloud/internet service relations, resource relations, a combination thereof, etc.) between or among the one or more network accessible users (e.g., relations linking two or more users that are at least occasionally coupled to a network, such as the internet, a social network, a combination thereof, etc.). An example instance may include using a trust verification schema 303 (e.g., as shown in
For some example implementations, an operation 1113 may include an operation 1118 or an operation 1119. For certain example embodiments, an operation 1118 may comprise identifying the one or more relations based at least partially on one or more social network data. For certain example implementations, a computer device may identify one or more relations (e.g., family relations, friendship relations, professional relations, machine relations, web/cloud/internet service relations, resource relations, a combination thereof, etc.) based at least partially on one or more social network data (e.g., explicit relational data offered or provided by a social network, explicit relational data obtainable from a social network via a specialized protocol or API, relational data that is inferred from social network communications, relational data that is ascertainable from social network settings or profile information, a combination thereof, etc.). An example instance may include identifying relations between or among users A, B, or C as shown in
For certain example embodiments, an operation 1113 may include an operation 1119 for identifying the one or more relations via identifying one or more common network accessible users as linked via one or more social networks. For certain example implementations, a computer device may identify one or more relations (e.g., social or technical relations) via identifying one or more common network accessible users as linked (e.g., connected through one or more tiers or levels) via one or more social networks (e.g., identifying network accessible users that are linked to a same one or more other network accessible users or social network members). An example instance may include identifying relations between users A, B, or C as shown in
For certain example embodiments, as shown in
For some example implementations, an operation 1114 may include an operation 1120 or an operation 1121. For certain example embodiments, an operation 1120 may comprise identifying the one or more behavioral fingerprints of the one or more network accessible users. For certain example implementations, a computer device may identify one or more behavioral fingerprints of the one or more network accessible users via at least one social network (e.g., by contacting a server of a social network, by contacting an app of a social network, by contacting a network accessible user via a social network communication capability, a combination thereof, etc.). An example instance may include, after identifying relations between users A, B, or C as shown in
For certain example embodiments, an operation 1114 may include an operation 1121 for comparing the identified one or more behavioral fingerprints based at least partially on one or more relationships existing between or among the one or more network accessible users. For certain example implementations, a computer device may compare one or more identified behavioral fingerprints (e.g., known behavioral fingerprints, newly-discovered behavioral fingerprints from an analysis of known behavioral fingerprints or at least one trust verification schema, a combination thereof, etc.) based at least partially on one or more relationships existing between or among the one or more network accessible users (e.g., relationships determinable from known behavioral fingerprints, from connections of at least one trust verification schema, a combination thereof, etc.). An example instance may include using a trust verification schema 303 (e.g., as shown in
For certain example embodiments, an operation 1002 may include an operation 1117 for generating the trust verification schema at least partially by mapping the correlated one or more behavioral fingerprints with the identified one or more relations. For certain example implementations, a computer device may generate a trust verification schema 303 (e.g., a data structure, a file, a matrix, a graph, a combination thereof, etc. that includes, represents, indicates, a combination thereof, etc. one or more connections or tiered levels of linkages between or among one or more network accessible users) at least partially by mapping (e.g., comparing, finding similarities, locating overlapping aspects, creating a graph, obtaining relations, identifying connections, marking/recording linkages, a combination thereof, etc. with respect to) one or more correlated behavioral fingerprints with one or more identified relations (e.g., family relations, friendship relations, professional relations, machine relations, web/cloud/internet service relations, resource relations, a combination thereof, etc.). An example instance may include generating a trust verification schema (e.g., a trust verification schema 303 as illustrated in
For certain example embodiments, an operation 1117 may include an operation 1125 for generating the trust verification schema using the correlated one or more behavioral fingerprints, wherein the correlated one or more behavioral fingerprints result in a particular level of authentication for one or more groups of related network accessible users of the one or more network accessible users as further depicted in
For some example implementations, an operation 1125 may include an operation 1127 or an operation 1128, which may follow an operation 1127. For certain example embodiments, an operation 1127 may comprise determining at least one proximity of relation for the one or more network accessible users based at least partially on one or more social network linkages that are confirmed by at least a portion of the one or more network accessible users. For certain example implementations, a computer device may determine at least one proximity of relation for (e.g., a number of levels or tiers between or among) one or more network accessible users based at least partially on one or more social network linkages (e.g., arrows 390, family connections, friendship connections, professional connections, server connections, a combination thereof, etc.) that are confirmed (e.g., via a response to an explicit inquiry, by providing or authorizing the providing of a behavioral fingerprint, a combination thereof, etc.) by at least a portion of the one or more network accessible users. An example instance may include receiving from one or more network accessible users their behavior fingerprint(s) and determining a proximity of relation via analyzing/plotting/graphing arrows 390 or other connections of a generated trust verification schema 303 (e.g., as illustrated in
For certain example embodiments, an operation 1128 may comprise determining at least one level of relation between or among the one or more network accessible users based at least partially on the determined at least one proximity of relation for the one or more network accessible users. For certain example implementations, a computer device may determine at least one level of relation (e.g., a family relation, an immediate family relation, an extended family relation, an in-law relation, a parent-child relation, a sibling relation, a living-in-the-same household relation, a roommate relation, a distant relative relation, a close friends relation, an acquaintances relation, a co-workers relation, a relation corresponding to being directly connected for a first tier, a relation corresponding to being connected via one intermediate linking server/device or person for a second tier, a relation corresponding to being connected via two intermediate linking servers/devices or persons for a third tier, a combination thereof, and so forth) between or among the one or more network accessible users based at least partially on the determined at least one proximity of relation for the one or more network accessible users. An example instance may include determining a level of relation or how close two or more network accessible users (such as users A, B, or C) are as illustrated in
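Operations 1111, 1112, 1127 and 1128 together describe keeping only users whose behavioral fingerprints are maintained, mapping confirmed social network linkages among them, and reading a level of relation off the number of intermediaries (first tier for a direct connection, second tier via one intermediary, and so on). The following is an added illustration, not code from the disclosure: the 30-day currency window, the tier-to-decision policy, the function names and the sample users D and E are assumptions, and all data is constructed.

```python
"""Tiered proximity of relation over a trust verification schema (added sketch)."""
from collections import deque
from datetime import datetime, timedelta, timezone

MAX_FINGERPRINT_AGE = timedelta(days=30)            # assumed currency window
TIER_POLICY = {0: "allow", 1: "allow", 2: "step-up"}  # assumed policy; else deny

# Constructed sample data: last fingerprint update per user, and linkages as
# (user, user, confirmed) triples as a social network might report them.
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
FINGERPRINTS = {
    "A": datetime(2024, 1, 30, tzinfo=timezone.utc),
    "B": datetime(2024, 1, 25, tzinfo=timezone.utc),
    "C": datetime(2024, 1, 20, tzinfo=timezone.utc),
    "D": datetime(2024, 1, 29, tzinfo=timezone.utc),
    "E": datetime(2023, 10, 1, tzinfo=timezone.utc),  # stale, not maintained
}
LINKAGES = [
    ("A", "B", True),
    ("B", "C", True),
    ("A", "D", False),  # claimed but never confirmed
    ("C", "E", True),
    ("E", "D", True),
]


def maintained_users(fingerprints, now):
    """Users whose fingerprint meets the minimum currency requirement."""
    return {u for u, ts in fingerprints.items() if now - ts <= MAX_FINGERPRINT_AGE}


def build_schema(linkages, fingerprints, now):
    """Adjacency map restricted to maintained users and confirmed linkages."""
    users = maintained_users(fingerprints, now)
    graph = {u: set() for u in users}
    for a, b, confirmed in linkages:
        if confirmed and a in users and b in users:
            graph[a].add(b)
            graph[b].add(a)
    return graph


def tier(graph, src, dst):
    """Fewest hops between two users (1 = direct), or None if unrelated."""
    if src not in graph or dst not in graph:
        return None
    if src == dst:
        return 0
    seen = {src}
    queue = deque([(src, 0)])
    while queue:
        node, depth = queue.popleft()
        for nxt in graph[node]:
            if nxt == dst:
                return depth + 1
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, depth + 1))
    return None


def decide(graph, requester, owner):
    """Decision for an authentication request, based on the tier of relation."""
    return TIER_POLICY.get(tier(graph, requester, owner), "deny")


if __name__ == "__main__":
    schema = build_schema(LINKAGES, FINGERPRINTS, NOW)
    for other in ("B", "C", "D", "E"):
        print("A ->", other, "tier", tier(schema, "A", other), decide(schema, "A", other))
```

In the sample, D is reachable from A only through an unconfirmed linkage or through E, whose fingerprint is stale, so D resolves to no relation rather than inheriting trust through an unmaintained node.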
For some example implementations, an operation 1128 may include an operation 1129 or an operation 1130. For certain example embodiments, an operation 1129 may comprise altering the at least one level of relation between or among the one or more network accessible users based at least partially on one or more changes to relations indicated by at least one of the one or more network accessible users, the one or more changes indicated via at least one social network. For certain example implementations, a computer device may alter at least one level of relation (e.g., increase or decrease a recorded or mapped number of tier level or levels, change a relationship from being married to being unmarried or vice versa, change a relationship from being roommates to not being roommates or vice versa, change a relationship from being co-workers to being acquaintances or vice versa, change a relationship from being involved romantically to not being involved romantically or vice versa, any combination thereof, etc.) between or among one or more network accessible users based at least partially on one or more changes to relations (e.g., becoming closer friends, being married, getting divorced, ceasing being friends, starting to share machines or data, ceasing being co-workers, starting to date, having a greater or lesser number of contacts or social network members in common, communicating or otherwise interacting more or less frequently, increasing or decreasing a number of different social networks used to interact with a given individual or other entity, changing a number of common servers used, changing whether a connection exists on a given social network platform (e.g., friending or unfriending, following or un-following, a combination thereof, etc.), a combination thereof, etc.) indicated by at least one of the one or more network accessible users, the one or more changes indicated via at least one social network (e.g., by considering social network servers used, by querying a social network, by scraping a website of a social network, by utilizing a specialized protocol or API of a social network, by monitoring social network feeds, by monitoring public or private social network communications, by monitoring social network status updates, by monitoring social network connection updates, a combination thereof, etc.). An example instance may include updating a trust verification schema (e.g., a trust verification schema 303 of
For certain example embodiments, an operation 1130 may comprise mapping one or more locations of the one or more network accessible users to confirm the at least one level of relation between or among the one or more network accessible users. For certain example implementations, a computer device may map one or more locations (e.g., determine, ascertain, a combination thereof, etc. at least one physical or virtual location; link coordinates to an address or place name; determine a distance between two or more locations; some combination thereof; etc.) of one or more network accessible users to confirm at least one level of relation (e.g., verify that at least two network accessible users have visited locations in common or are in proximity to each other) between or among the one or more network accessible users. An example instance may include, with reference to
With reference to
For certain example embodiments, an operation 1003 may include an operation 1132 for authenticating a shared computer processing request via verification of at least one of the one or more network accessible users based at least partly on the trust verification schema. For certain example implementations, a computer device may authenticate a shared computer (e.g., a computing device 10, another device 60, a combination thereof, etc. that is being used by, that is configured to be usable by, that is associated with—such as via logon accounts or via service provider accounts—multiple users, a combination thereof, etc.) processing request (e.g., a request to conduct a transaction, a request to execute a particular application, a request to perform some function, a request to access some data or device capability, a request to make a purchase, a request to install an application, a combination thereof, etc.) via verification (e.g., confirmation of identity, consideration of current behavioral fingerprint information, acceptance of valid authentication credentials, a combination thereof, etc.) of at least one of the one or more network accessible users based at least partly on a trust verification schema (e.g., a trust verification schema 303 of
For certain example embodiments, an operation 1003 for transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users may include an operation 1133 for authenticating an internet purchase transaction via verification of at least one of the one or more network accessible users based at least partly on the trust verification schema. For certain example implementations, a computer device may authenticate an internet purchase transaction (e.g., a transaction at least partially initiated, conducted, completed, effectuated, a combination thereof, etc. using the internet) via verification (e.g., confirmation of identity, consideration of current behavioral fingerprint information, acceptance of valid authentication credentials, a combination thereof, etc.) of at least one of the one or more network accessible users based at least partly on a trust verification schema (e.g., a trust verification schema 303 of
For certain example embodiments, an operation 1003 may include an operation 1134 for authenticating a purchase by a first network accessible user of the one or more network accessible users based at least partially on a location of a second network accessible user of the one or more network accessible users and on the trust verification schema. For certain example implementations, a computer device may authenticate a purchase (e.g., verify that a person representing himself or herself as having a particular identity does indeed have that identity, approve a purchase, indicate that a person has permission to make a purchase, indicate that it is plausible that an identified person is indeed requesting a particular purchase, a combination thereof, etc.) by a first network accessible user of one or more network accessible users based at least partially (i) on a location (e.g., an address, a set of GPS coordinates, an establishment name, a person's home, a neighborhood, a geographic range or area based on an antenna's position, a combination thereof, etc.) of a second network accessible user of the one or more network accessible users and (ii) on a trust verification schema (e.g., a trust verification schema 303 of
For certain example embodiments, an operation 1003 may include an operation 1135 for denying at least one proposed transaction of the one or more proposed transactions that is attempted by at least one of the one or more network accessible users based at least partly on the trust verification schema. For certain example implementations, a computer device may deny at least one proposed (e.g., requested, indicated, pending, non-final, unconsummated, non-executed, incomplete, suggested, a combination thereof, etc.) transaction (e.g., a purchase; a sale; an exchange of goods, services, money, or other consideration; a financial transaction; an internet-based transaction; a transaction including virtual goods or services; a physical retailer-based transaction; a transaction for a subscription; a transaction for access to a physical or virtual good or resource; a transaction for an entertainment object, such as a movie, TV show, or song; a combination thereof; etc.) of one or more proposed transactions that is attempted by at least one user of one or more network accessible users based at least partly on a trust verification schema (e.g., a trust verification schema 303 of
For certain example embodiments, an operation 1135 may include an operation 1136 for denying the at least one proposed transaction based at least partially on a calculated combined level of authentication for related network accessible users and on a predetermined combined level of authentication that is indicated by the trust verification schema. For certain example implementations, a computer device may deny at least one proposed transaction based at least partially (i) on a calculated combined level of authentication for (e.g., a level of authentication shared by, jointly assigned to, bilaterally adopted, at least partially simultaneously belonging to, a combination thereof, etc. at least two users that are) related (e.g., via one or more social or technical relationships) network accessible users and (ii) on a predetermined combined level of authentication that is indicated by a trust verification schema (e.g., a level of authentication established or stored by a trust verification schema 303 that leads to joint transaction denials for each user of a combined group of users if any user of the group has a level of authentication reach or fall below the predetermined combined level of authentication). An example instance may include accessing multiple levels of authentication associated with users A, B, or C with reference to a trust verification schema 303 of
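The tiered levels of relation (operations 1128 and 1129) and the joint denial rule (operations 1135 and 1136) can be sketched as follows. This is an added illustration, not code from the disclosure: the `TrustSchema` class, the 0.0 to 1.0 authentication scale, the `max_tier` cutoff, and taking the minimum over the related group as the "calculated combined level" are all assumptions chosen to match the behavior described above.

```python
from collections import deque


class TrustSchema:
    """Toy trust verification schema: a relation graph plus per-user levels.

    Assumptions (not from the disclosure): levels lie in [0.0, 1.0], and the
    combined level of a related group is the minimum level in that group.
    """

    def __init__(self, auth_levels, combined_floor, max_tier=2):
        self.auth_levels = dict(auth_levels)   # user -> level of authentication
        self.combined_floor = combined_floor   # predetermined combined level
        self.max_tier = max_tier               # farthest tier that still counts
        self.links = {u: set() for u in self.auth_levels}

    def add_link(self, a, b):
        """Record a confirmed social-network linkage (undirected)."""
        self.links[a].add(b)
        self.links[b].add(a)

    def remove_link(self, a, b):
        """Apply a relation change such as unfriending (operation 1129)."""
        self.links[a].discard(b)
        self.links[b].discard(a)

    def tiers_from(self, user):
        """Breadth-first search out to max_tier.

        Tier 1 = directly connected, tier 2 = via one intermediary,
        tier 3 = via two intermediaries, and so on.
        """
        dist = {user: 0}
        queue = deque([user])
        while queue:
            cur = queue.popleft()
            if dist[cur] == self.max_tier:
                continue                       # do not expand past the cutoff
            for nxt in self.links[cur]:
                if nxt not in dist:
                    dist[nxt] = dist[cur] + 1
                    queue.append(nxt)
        del dist[user]
        return dist

    def tier(self, a, b):
        """Level of relation between a and b, or None if not related."""
        if a not in self.links:
            return None
        return self.tiers_from(a).get(b)

    def combined_level(self, user):
        """Lowest level of authentication in the user's related group."""
        group = [user, *self.tiers_from(user)]
        return min(self.auth_levels[u] for u in group)

    def decide(self, user):
        """Deny when the combined level reaches or falls below the floor."""
        if user not in self.auth_levels:
            return "deny"                      # unknown user: fail closed
        if self.combined_level(user) <= self.combined_floor:
            return "deny"
        return "allow"


def build_sample():
    """Constructed sample: A-B and B-C are linked, D has no relations."""
    schema = TrustSchema(
        {"A": 0.9, "B": 0.8, "C": 0.4, "D": 0.95}, combined_floor=0.5
    )
    schema.add_link("A", "B")
    schema.add_link("B", "C")
    return schema


if __name__ == "__main__":
    s = build_sample()
    for u in "ABCD":
        print(u, s.decide(u), s.tiers_from(u))
```

Because denial is joint, a single related user with a low level blocks the whole group, so which linkages are counted and how far `max_tier` reaches directly control how widely one compromised or degraded fingerprint affects other users.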
Those having skill in the art will recognize that the state of the art has progressed to the point where there is little distinction left between hardware and software implementations of aspects of systems; the use of hardware or software is generally (but not always, in that in certain contexts the choice between hardware and software can become significant) a design choice representing cost vs. efficiency tradeoffs. Those having skill in the art will appreciate that there are various vehicles by which processes and/or systems and/or other technologies described herein can be effected (e.g., hardware, software, and/or firmware in one or more machines or articles of manufacture), and that the preferred vehicle will vary with the context in which the processes and/or systems and/or other technologies are deployed. For example, if an implementer determines that speed and accuracy are paramount, the implementer may opt for a mainly hardware and/or firmware vehicle; alternatively, if flexibility is paramount, the implementer may opt for a mainly software implementation that is implemented in one or more machines or articles of manufacture; or, yet again alternatively, the implementer may opt for some combination of hardware, software, and/or firmware in one or more machines or articles of manufacture. Hence, there are several possible vehicles by which the processes and/or devices and/or other technologies described herein may be effected, none of which is inherently superior to the other in that any vehicle to be utilized is a choice dependent upon the context in which the vehicle will be deployed and the specific concerns (e.g., speed, flexibility, or predictability) of the implementer, any of which may vary. Those skilled in the art will recognize that optical aspects of implementations will typically employ optically-oriented hardware, software, and/or firmware in one or more machines or articles of manufacture.
The foregoing detailed description has set forth various embodiments of the devices and/or processes via the use of block diagrams, flowcharts, and/or examples. Insofar as such block diagrams, flowcharts, and/or examples contain one or more functions and/or operations, it will be understood by those within the art that each function and/or operation within such block diagrams, flowcharts, or examples can be implemented, individually and/or collectively, by a wide range of hardware, software, firmware, or virtually any combination thereof. In one embodiment, several portions of the subject matter described herein may be implemented via Application Specific Integrated Circuitry (ASICs), Field Programmable Gate Arrays (FPGAs), digital signal processors (DSPs), or other integrated formats. However, those skilled in the art will recognize that some aspects of the embodiments disclosed herein, in whole or in part, can be equivalently implemented in integrated circuitry, as one or more computer programs running on one or more computers (e.g., as one or more programs running on one or more computer systems), as one or more programs running on one or more processors (e.g., as one or more programs running on one or more microprocessors), as firmware, or as virtually any combination thereof, and that designing the circuitry and/or writing the code for the software and/or firmware would be well within the skill of one of skill in the art in light of this disclosure. In addition, those skilled in the art will appreciate that the mechanisms of the subject matter described herein are capable of being distributed as a program product in a variety of forms, and that an illustrative embodiment of the subject matter described herein applies regardless of the particular type of signal bearing medium used to actually carry out the distribution. Examples of a signal bearing medium include, but are not limited to, the following: a recordable type medium such as a floppy disk, a hard disk drive, a Compact Disc (CD), a Digital Video Disk (DVD), a digital tape, a computer memory, etc.; and a transmission type medium such as a digital and/or an analog communication medium (e.g., a fiber optic cable, a waveguide, a wired communications link, a wireless communication link, etc.).
In a general sense, those skilled in the art will recognize that the various aspects described herein which can be implemented, individually and/or collectively, by a wide range of hardware, software, firmware, or any combination thereof can be viewed as being composed of various types of “electrical circuitry.” Consequently, as used herein “electrical circuitry” includes, but is not limited to, electrical circuitry having at least one discrete electrical circuit, electrical circuitry having at least one integrated circuit, electrical circuitry having at least one application specific integrated circuit, electrical circuitry forming a general purpose computing device configured by a computer program (e.g., a general purpose computer configured by a computer program which at least partially carries out processes and/or devices described herein, or a microprocessor configured by a computer program which at least partially carries out processes and/or devices described herein), electrical circuitry forming a memory device (e.g., forms of random access memory), and/or electrical circuitry forming a communications device (e.g., a modem, communications switch, or optical-electrical equipment). Those having skill in the art will recognize that the subject matter described herein may be implemented in an analog or digital fashion or some combination thereof.
Those having skill in the art will recognize that it is common within the art to describe devices and/or processes in the fashion set forth herein, and thereafter use engineering practices to integrate such described devices and/or processes into data processing systems. That is, at least a portion of the devices and/or processes described herein can be integrated into a data processing system via a reasonable amount of experimentation. Those having skill in the art will recognize that a typical data processing system generally includes one or more of a system unit housing, a video display device, a memory such as volatile and non-volatile memory, processors such as microprocessors and digital signal processors, computational entities such as operating systems, drivers, graphical user interfaces, and applications programs, one or more interaction devices, such as a touch pad or screen, and/or control systems including feedback loops and control motors (e.g., feedback for sensing position and/or velocity; control motors for moving and/or adjusting components and/or quantities). A typical data processing system may be implemented utilizing any suitable commercially available components, such as those typically found in data computing/communication and/or network computing/communication systems.
The herein described subject matter sometimes illustrates different components contained within, or connected with, different other components. It is to be understood that such depicted architectures are merely exemplary, and that in fact many other architectures can be implemented which achieve the same functionality. In a conceptual sense, any arrangement of components to achieve the same functionality is effectively “associated” such that the desired functionality is achieved. Hence, any two components herein combined to achieve a particular functionality can be seen as “associated with” each other such that the desired functionality is achieved, irrespective of architectures or intermedial components. Likewise, any two components so associated can also be viewed as being “operably connected”, or “operably coupled”, to each other to achieve the desired functionality, and any two components capable of being so associated can also be viewed as being “operably couplable”, to each other to achieve the desired functionality. Specific examples of operably couplable include but are not limited to physically mateable and/or physically interacting components and/or wirelessly interactable and/or wirelessly interacting components and/or logically interacting and/or logically interactable components.
While particular aspects of the present subject matter described herein have been shown and described, it will be apparent to those skilled in the art that, based upon the teachings herein, changes and modifications may be made without departing from the subject matter described herein and its broader aspects and, therefore, the appended claims are to encompass within their scope all such changes and modifications as are within the true spirit and scope of the subject matter described herein. Furthermore, it is to be understood that the invention is defined by the appended claims.
It will be understood by those within the art that, in general, terms used herein, and especially in the appended claims (e.g., bodies of the appended claims) are generally intended as “open” terms (e.g., the term “including” should be interpreted as “including but not limited to,” the term “having” should be interpreted as “having at least,” the term “includes” should be interpreted as “includes but is not limited to,” etc.). It will be further understood by those within the art that if a specific number of an introduced claim recitation is intended, such an intent will be explicitly recited in the claim, and in the absence of such recitation no such intent is present. For example, as an aid to understanding, the following appended claims may contain usage of the introductory phrases “at least one” and “one or more” to introduce claim recitations. However, the use of such phrases should not be construed to imply that the introduction of a claim recitation by the indefinite articles “a” or “an” limits any particular claim containing such introduced claim recitation to inventions containing only one such recitation, even when the same claim includes the introductory phrases “one or more” or “at least one” and indefinite articles such as “a” or “an” (e.g., “a” and/or “an” should typically be interpreted to mean “at least one” or “one or more”); the same holds true for the use of definite articles used to introduce claim recitations.
In addition, even if a specific number of an introduced claim recitation is explicitly recited, those skilled in the art will recognize that such recitation should typically be interpreted to mean at least the recited number (e.g., the bare recitation of “two recitations,” without other modifiers, typically means at least two recitations, or two or more recitations). Furthermore, in those instances where a convention analogous to “at least one of A, B, and C, etc.” is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., “a system having at least one of A, B, and C” would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.).
In those instances where a convention analogous to “at least one of A, B, or C, etc.” is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., “a system having at least one of A, B, or C” would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.). It will be further understood by those within the art that virtually any disjunctive word and/or phrase presenting two or more alternative terms, whether in the description, claims, or drawings, should be understood to contemplate the possibilities of including one of the terms, either of the terms, or both terms. For example, the phrase “A or B” will be understood to include the possibilities of “A” or “B” or “A and B.”
Claims
1. A computationally-implemented system comprising:
- circuitry for receiving at a computer device one or more behavioral fingerprints associated with one or more network accessible users;
- circuitry for receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and
- circuitry for transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users.
2. The computationally-implemented system of claim 1, wherein the circuitry for receiving at a computer device one or more behavioral fingerprints associated with one or more network accessible users comprises:
- circuitry for sensing at the computer device one or more actions of the one or more network accessible users; and
- circuitry for applying at the computer device one or more reliability criteria to the sensed one or more actions of the one or more network accessible users to update the one or more behavioral fingerprints associated with the one or more network accessible users.
3. The computationally-implemented system of claim 2, wherein the circuitry for sensing at the computer device one or more actions of the one or more network accessible users comprises:
- circuitry for detecting at the computer device one or more contacts frequently interacted with by at least one of the one or more network accessible users via one or more social networks to determine at least one interaction pattern associated with the at least one of the one or more network accessible users; and
- circuitry for detecting one or more locations visited by at least one of the one or more network accessible users, the one or more locations including one or more of physical locations or internet address-based locations.
4. The computationally-implemented system of claim 2, wherein the circuitry for applying at the computer device one or more reliability criteria to the sensed one or more actions of the one or more network accessible users to update the one or more behavioral fingerprints associated with the one or more network accessible users comprises:
- circuitry for altering at least one of the one or more behavioral fingerprints associated with the one or more network accessible users as a function of the sensed one or more actions of the one or more network accessible users and at least one internet available entity.
5. The computationally-implemented system of claim 1, wherein the circuitry for receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users comprises:
- circuitry for relationally mapping the one or more behavioral fingerprints based at least partially on one or more relations between or among the one or more network accessible users as indicated by at least one social network.
6. The computationally-implemented system of claim 5, wherein the circuitry for relationally mapping the one or more behavioral fingerprints based at least partially on one or more relations between or among the one or more network accessible users as indicated by at least one social network comprises:
- circuitry for receiving data at the computer device from the at least one social network, the received data indicating one or more relations between or among the one or more network accessible users; and
- circuitry for mapping at the computer device one or more relationships that are extant between or among the one or more network accessible users based at least partially on the indicated one or more relations between or among the one or more network accessible users.
7. The computationally-implemented system of claim 5, wherein the circuitry for relationally mapping the one or more behavioral fingerprints based at least partially on one or more relations between or among the one or more network accessible users as indicated by at least one social network comprises:
- circuitry for determining at the computer device via the at least one social network that at least one respective network accessible user of the one or more network accessible users has at least one corresponding behavioral fingerprint of the one or more behavioral fingerprints;
- circuitry for determining at the computer device if the at least one corresponding behavioral fingerprint is maintained by the at least one respective network accessible user of the one or more network accessible users; and
- circuitry for relationally mapping by the computer device at least a subset of the one or more network accessible users for which the at least one corresponding behavioral fingerprint is maintained by the at least one respective network accessible user.
8. The computationally-implemented system of claim 1, wherein the circuitry for receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users comprises:
- circuitry for identifying by the computer device one or more relations between or among the one or more network accessible users;
- circuitry for correlating by the computer device the one or more behavioral fingerprints associated with the one or more network accessible users based at least partially on the identified one or more relations; and
- circuitry for generating the trust verification schema at least partially by mapping the correlated one or more behavioral fingerprints with the identified one or more relations.
9. The computationally-implemented system of claim 8, wherein the circuitry for identifying by the computer device one or more relations between or among the one or more network accessible users comprises:
- circuitry for identifying the one or more relations based at least partially on one or more social network data.
10. The computationally-implemented system of claim 8, wherein the circuitry for identifying by the computer device one or more relations between or among the one or more network accessible users comprises:
- circuitry for identifying the one or more relations via identifying one or more common network accessible users as linked via one or more social networks.
11. The computationally-implemented system of claim 8, wherein the circuitry for correlating by the computer device the one or more behavioral fingerprints associated with the one or more network accessible users based at least partially on the identified one or more relations comprises:
- circuitry for identifying the one or more behavioral fingerprints of the one or more network accessible users; and
- circuitry for comparing the identified one or more behavioral fingerprints based at least partially on one or more relationships existing between or among the one or more network accessible users.
12. The computationally-implemented system of claim 8, wherein the circuitry for generating the trust verification schema at least partially by mapping the correlated one or more behavioral fingerprints with the identified one or more relations comprises:
- circuitry for generating the trust verification schema using the correlated one or more behavioral fingerprints, wherein the correlated one or more behavioral fingerprints result in a particular level of authentication for one or more groups of related network accessible users of the one or more network accessible users.
13. The computationally-implemented system of claim 12, wherein the circuitry for generating the trust verification schema using the correlated one or more behavioral fingerprints, wherein the correlated one or more behavioral fingerprints result in a particular level of authentication for one or more groups of related network accessible users of the one or more network accessible users comprises:
- circuitry for determining at least one proximity of relation for the one or more network accessible users based at least partially on one or more social network linkages that are confirmed by at least a portion of the one or more network accessible users; and
- circuitry for determining at least one level of relation between or among the one or more network accessible users based at least partially on the determined at least one proximity of relation for the one or more network accessible users.
14. The computationally-implemented system of claim 13, wherein the circuitry for determining at least one level of relation between or among the one or more network accessible users based at least partially on the determined at least one proximity of relation for the one or more network accessible users comprises:
- circuitry for altering the at least one level of relation between or among the one or more network accessible users based at least partially on one or more changes to relations indicated by at least one of the one or more network accessible users, the one or more changes indicated via at least one social network.
15. The computationally-implemented system of claim 13, wherein the circuitry for determining at least one level of relation between or among the one or more network accessible users based at least partially on the determined at least one proximity of relation for the one or more network accessible users comprises:
- circuitry for mapping one or more locations of the one or more network accessible users to confirm the at least one level of relation between or among the one or more network accessible users.
16. The computationally-implemented system of claim 1, wherein the circuitry for transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users comprises:
- circuitry for using the trust verification schema to automatically authenticate a proposed transaction associated with at least one of the one or more network accessible users based at least partly on a level of authentication associated with at least two of the one or more network accessible users.
17. The computationally-implemented system of claim 1, wherein the circuitry for transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users comprises:
- circuitry for authenticating a shared computer processing request via verification of at least one of the one or more network accessible users based at least partly on the trust verification schema.
18. The computationally-implemented system of claim 1, wherein the circuitry for transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users comprises:
- circuitry for authenticating an internet purchase transaction via verification of at least one of the one or more network accessible users based at least partly on the trust verification schema.
19. The computationally-implemented system of claim 1, wherein the circuitry for transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users comprises:
- circuitry for authenticating a purchase by a first network accessible user of the one or more network accessible users based at least partially on a location of a second network accessible user of the one or more network accessible users and on the trust verification schema.
20. The computationally-implemented system of claim 1, wherein the circuitry for transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users comprises:
- circuitry for denying at least one proposed transaction of the one or more proposed transactions that is attempted by at least one of the one or more network accessible users based at least partly on the trust verification schema.
21. The computationally-implemented system of claim 20, wherein the circuitry for denying at least one proposed transaction of the one or more proposed transactions that is attempted by at least one of the one or more network accessible users based at least partly on the trust verification schema comprises:
- circuitry for denying the at least one proposed transaction based at least partially on a calculated combined level of authentication for related network accessible users and on a predetermined combined level of authentication that is indicated by the trust verification schema.
22. A computationally-implemented system comprising:
- means for receiving at a computer device one or more behavioral fingerprints associated with one or more network accessible users;
- means for receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and
- means for transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users.
23.-42. (canceled)
43. A method comprising:
- receiving at a computer device one or more behavioral fingerprints associated with one or more network accessible users;
- receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and
- transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users.
44.-63. (canceled)
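The decision step of claims 19 to 21, sketched as an added example that is not taken from the application. It assumes each behavioral fingerprint has already been reduced to a numeric authentication level, that the combined level is the weakest level in the related group, and that locations sit on a flat kilometre grid; all names, scores and thresholds are constructed.

```python
from dataclasses import dataclass
from math import dist
from typing import Optional

@dataclass
class Fingerprint:
    auth_level: float   # 0.0-1.0: how closely current behavior matches the profile (assumed scale)
    location: tuple     # (x_km, y_km) on a flat local grid, a simplification

@dataclass
class Rule:
    min_combined_level: float                # "predetermined combined level" (claim 21)
    max_related_km: Optional[float] = None   # co-location limit for related users (claim 19)

def combined_level(relations, fps, user):
    """Assumed combination rule: the weakest level among the user and related users."""
    group = [user, *relations.get(user, [])]
    if any(u not in fps for u in group):
        return 0.0                           # fail closed if a fingerprint was never received
    return min(fps[u].auth_level for u in group)

def decide(schema, fps, user, transaction):
    """Return 'allow' or 'deny' for a proposed transaction under the schema."""
    relations, rule = schema["relations"], schema["rules"].get(transaction)
    if rule is None:
        return "deny"                        # transaction type not covered by the schema
    if combined_level(relations, fps, user) < rule.min_combined_level:
        return "deny"                        # claim 21: combined level below the threshold
    if rule.max_related_km is not None:
        for other in relations.get(user, []):
            if dist(fps[user].location, fps[other].location) > rule.max_related_km:
                return "deny"                # claim 19: related user is too far away
    return "allow"

# Constructed sample data: received fingerprints and a schema built from a relational mapping.
FPS = {
    "alice": Fingerprint(0.9, (0.0, 0.0)),
    "bob": Fingerprint(0.8, (3.0, 4.0)),     # 5 km from alice
    "carol": Fingerprint(0.3, (0.0, 0.0)),   # behavior deviates from her profile
}
SCHEMA = {
    "relations": {"alice": ["bob"], "bob": ["alice"], "carol": ["alice"]},
    "rules": {"internet_purchase": Rule(0.7, 10.0), "in_store_purchase": Rule(0.7, 1.0)},
}
```

Taking the minimum means one anomalous fingerprint in a related group lowers the combined level for every member, which is the conservative choice; an averaging rule would let a strong relative mask a weak one.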
Type: Application
Filed: Jul 18, 2012
Publication Date: May 23, 2013
Inventors: Marc E. Davis (San Francisco, CA), Matthew G. Dyor (Bellevue, WA), Daniel A. Gerrity (Seattle, WA), Xuedong Huang (Bellevue, WA), Roderick A. Hyde (Redmond, WA), Royce A. Levien (Lexington, WA), Richard T. Lord (Tacoma, WA), Robert W. Lord (Seattle, WA), Mark A. Malamud (Seattle, WA), Nathan P. Myhrvold (Bellevue, WA), Clarence T. Tegreene (Mercer Island, WA)
Application Number: 13/552,502